on store-bought microphones and a modified speech-recognition program to identify typed letters. It was correct about half the time, which was accurate enough to then guess 10-digit passwords on one out of every 75 accounts.
Here are highlights from the May 2004 news article by SearchSecurity.com contributor Niall McKay that started it all:
Each key on computer keyboards, telephones and even ATM machines makes a unique sound as each key is depressed and released, according to a paper presented at the Oakland, Calif., IEEE Security and Privacy Symposium by IBM research scientist Dmitri Asonov.
All that is needed is about $200 worth of microphones and sound processing and PC neural networking software.
Today's keyboard, telephone keypads, ATM machines and even door locks have a rubber membrane underneath the keys.
"This membrane acts like a drum, and each key hits the drum in a different location and produces a unique frequency or sound that the neural networking software can decipher," said Asonov.
Asonov found that by recording the same sound of a keystroke about 30 times and feeding it into a PC running standard neural networking software, he could decipher the keys with an 80% accuracy rate. He was also able to train the software on one keyboard to decipher the keystrokes on any other keyboard of the same make and model.
Good sound quality is not required to recognize the acoustic signature or frequency of the key. In fact, Asonov was able to extract the audio captured by a cellular phone and still decipher the signal.
"But don't panic," Asonov cautioned. "There are some easy ways to fix the problem." First, close the door in the room where you're working. Second, buy a rubber keyboard coffee guard that will dampen the sound enough to make eavesdropping difficult.
However, Asonov said that he believed it was possible to use acoustical analysis algorithms to decipher key sounds based simply on gathering the data from just a couple of keys and extrapolating what other keys should sound like.
Asonov warned that his work was almost entirely based on the evidence from his experiments and that he has little or no theoretical information to back up his theories. For example, he discovered that it was the membrane that was providing the unique signature simply by cutting a keyboard in two and finding that the neural networking software no longer worked.