Ed Felten summarizes a paper by Li Zhuang, Feng Zhou, and Doug Tygar in which they successfully demonstrated a method of taking a recording of a person typing on a keyboard for at least 15 minutes and translating the sounds into the keys and words being typed.
The researchers developed an algorithm to analyze the recorded typing,
First, it isolates the sound of each individual keystroke. Second, it takes all of the recorded keystrokes and puts them into about fifty categories, where the keystrokes within each category sound very similar. Third, it uses fancy machine learning methods to recover the sequence of characters typed, under the assumption that the sequence has the statistical characteristics of English text.
Recovering something like a password that is a semi-random string of letters and numbers is a bit harder, but with a sufficiently long recording the password space that needs to be tried can be reduced significantly.
And this sort of technique might even be pushed further,
This is yet another reminder of how much computer security depends on controlling physical access to the computer. We’ve always known that anybody who can open up a computer and work on it with tools can control what it does. Results like this new one show that getting close to a machine with sensors (such as microphones, cameras, power monitors) may compromise the machine’s secrecy.
There are even some preliminary results showing that computers make slightly different noises depending on what computations they are doing, and that it might be possible to recover encryption keys if you have an audio recording of the computer doing decryption operations.
I wonder about the sort of countermeasures that can be deployed against this sort of potential attack. Building a quieter keyboard would probably be easy to route around with more sensitive microphones. Perhaps there’s a way to add noise in a way that wouldn’t piss off users but would significantly increase the difficulty of deciphering the typing sequences.