Plugging a high-performance mechanical keyboard into a laptop may speed up your typing, but there’s one thing to bear in mind. One of the key selling points of these types of keyboards – the acoustic feedback – can give away sensitive data. Yup, you are reading that right: it is possible to sniff out internet banking credentials just by listening to the keyboard's acoustics.
Stealing Passwords Using a 10-Minute Sound Recording
A combination of standard machine learning and speech recognition techniques including hidden Markov Models, linear classification and feedback-based incremental learning has made it possible for researchers of the University of California to recover up to 96% of typed characters using a 10-minute sound recording of a user typing English text on a keyboard.
How Is That Possible?
Chances are you have already experienced the shock revelation that typing on a keyboard results in a sound. Due to the keyboard's physical characteristics – the character-engraved keys are assembled on top of a plastic plate – different areas generate different sounds. Our human hearing may not be able to distinguish the sounds, but when recorded and analyzed by sophisticated software these hidden variations can be detected. As a result, this could well lead to having your account details and passwords stolen.
The average user types up to 300 characters per minute. Keyboard mechanisms require a keystroke that contains a push and a release and, according to research conducted by IBM security researchers Dmitri Asonov and Rakesh Agrawal, the period from push to release is typically 100 milliseconds. This is enough for hacking software to distinguish between the consecutive keystrokes.
Using various techniques, the software can be taught to translate the sound of keystrokes into the correct characters. This means that you must take your security seriously and put effort into protecting your digital life.
Thank You, Amazon: Eavesdropping Has Become Easier Than Ever
Don't fool yourself into thinking that recording keyboard acoustics requires close proximity to the computer. Decade-old tests have shown that it is possible to successfully record keyboard strokes from as far away as 50 feet and reproduce the text typed into the computer, even with significant background noise.
Considering how fast technology is evolving, it would be foolish to assume this type of eavesdropping is not possible. Microphones and software have improved, and let's not forget that the latest spy technology can now be delivered directly to your home: just visit Amazon, where you can buy spy cameras hidden in pens, microphones hidden in a phone charger or a plant, and so much more. In other words, eavesdropping has become easier than ever. What we may use as pranks to fool our friends can just as effectively be used by hackers for malicious purposes.
Giving Away Passwords By Typing While Skyping
Speaking of technology, the rise of VoIP apps has changed how we connect to people across the globe for the better. Skype, for example, has grown into a VoIP giant, counting hundreds of millions of users spending trillions of minutes in front of their computers speaking to each other.
Typing on the keyboard while Skyping might not be polite, but did you know that it can also be dangerous? Researchers from the University of Padua and the University of California, Irvine have developed Skype&Type software that is capable of learning the sound frequency of specific keys on the keyboard. In other words, if you are logging into an online account by typing your password while Skyping with someone, you could in fact be giving away your credentials to that person.
How to Protect Yourself Against Keyboard Eavesdropping?
Typing on a computer keyboard is unavoidable, it’s pretty much the only way to issue commands and impart information from your brain to the computer. And using a keyboard is part of your digital life so there is no workaround, at least not when it comes to entering your password into an online account via a keyboard.
What you can do is reduce the dependence on the keyboard during the login process by using the auto-fill feature that comes with most secure browsers, or use any of the password managers that we have reviewed. Security researchers recommend using a password manager instead of web browsers, because these services provide a more secure environment where all the passwords, login credentials, and much more can be safely stored.
Best Password Managers of 2019
|Editor's Choice 2019|