Hacker News new | ask | show | jobs
by kanzure 4801 days ago
> from audio recordings of known keyboard keys clicking

Neat.

http://dl.acm.org/citation.cfm?id=1102169

"We present a novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard, and then recovering up to 96% of typed characters. There is no need for a labeled training recording. Moreover the recognizer bootstrapped this way can even recognize random text such as passwords."

I think this also works on dvorak, but it might be stumped by plover + custom dictionaries. Especially for short typing sessions. Although short sessions might be mitigated by recording from multiple locations... hm.
1 comments
lstamour 4800 days ago
Thanks for sourcing my statement. I was worried for a minute that I'd misremembered it. (I'm also glad that's a word!)
link
kanzure 4798 days ago
Also, this is worth mentioning as a related attack:

http://static.usenix.org/events/sec06/tech/shah/shah_html/jb...

"In particular, we show a practical Keyboard JitterBug that solves the data exfiltration problem for keystroke loggers by leaking captured passwords through small variations in the precise times at which keyboard events are delivered to the host. Whenever an interactive communication application (such as SSH, Telnet, instant messaging, etc) is running, a receiver monitoring the host's network traffic can recover the leaked data, even when the session or link is encrypted."

link