Monday, April 12, 2010

Loose Clicks Sink Ships

Since it is possible to analyze audio recordings of keystrokes, computer scientists have been able to reconstruct accurate transcripts of what is being typed, including passwords. By contrast with more sophisticated types of espionage, it is very easy to do. All that is needed is a cheap microphone and a desktop computer.

While past attempts at writing software to decipher the recorded keyboard sounds have only been at most 80% successful, Doug Tygar and colleagues at the University of California, Berkeley have developed software that achieves 96% accuracy. The software can decode anything, including scrambled ten-character passwords.

Dr. Tygar suggests simply turning up the radio to thwart these auditory invasions. However, since background noise will be ultimately overcome with more sophisticated recording, Tygar recommends that typed passwords be phased out, to be replaced with biometric checks or multiple types of authorization that combine a password with silent verification (e.g., clicking on a pre-selected image in an array of images).

See full article in The Economist.