What's New: Crack Passwords by Listening

Researchers at UC Berkeley have announced they can duplicate approximately 96% of a computer user's keystrokes simply by listening to the sounds of the typing. A new paper explains that after listening to the sounds of someone typing for 10 minutes they could piece together the letters typed simply by comparing the sounds of the keys being pressed.

The researchers admit they did not factor in keys such as Shift and Backspace, but they did use a $10 microphone and open source spell checker software to do the analysis. They also say they were able to guess 90% of all randomly generated five-character passwords within 20 tries using these techniques. For these reasons they have refused to release the details on how this was accomplished. It is not unreasonable to theorize a virus or spyware program that records through a computer microphone would be possible.

What does this mean? Perhaps even long, random passwords are outdated, and other solutions like biometric security should become the norm for concerned businesses. Of course, if bugs are being used it may be more common for a user's password to be spoken, especially in answer to that common question, "What's my password again?" In the meantime, the simple solution is to turn up the background noise.

Wednesday, Sep 14, 2005 09:49 am CDT

Tell a friend about this news item!

Return to the article list...