
Decoding Vibrations From Nearby Keyboards With Mobile Phone Accelerometers [pdf] - draugadrotten
http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf
======
JonSkeptic
While interesting, I don't view it as having much of an impact. Page 6 states
that there was a significant training period for their machine learning
algorithm that involved sending the Bluetooth from the keyboard through the
phone to train it.

In the real world, if you have compromised someone's phone and have access to
their keystrokes through Bluetooth, why do you need this method at all? Even
in some contrived circumstance where it was more feasible, it would probably
be better 100% of the time to try to compromise the phone's Bluetooth, audio,
camera, or Wi-Fi capability before targeting the accelerometer and then hoping
that they happen to leave their phone close enough to the keyboard and hope
that your algorithm can decode keystrokes on a keyboard that it has never
heard before, which may also be a type of keyboard that it has not heard
before.

All in all, it's a cool experiment which shows that we can do some interesting
and non-conventional stuff with accelerometers, but it's not practical in the
slightest.

~~~
jre
It's definitely far from being an easy attack. But it raises an interesting
question in that the current smartphone security models don't require special
permissions for accelerometer access whereas they do for cameras and other
things.

With this kind of stuff and other advances in activity recognition, allowing
any app to record anything using the accelerometer might become a privacy
threat.

~~~
paulgb
Both Android and iPhone expose an accelerometer API _even to web pages_
without user input, although I'm not sure what the sample rate is.

~~~
VladRussian2
Sounds like one can be tracked even without GPS, just by integrating
accelerometer data, and even one fixed point of reference may not be necessary
as the pattern of movements can, in many cases, be uniquely aligned with the
pattern of streets/etc...

~~~
paulgb
Interesting, I could see this working with an app that didn't have GPS
permissions especially in rural areas where the roads might have a unique
fingerprint. Through the mobile web APIs the phone's screen has to be on for
the JavaScript event loop to run so that would be a harder way to do it.

------
delinka
I don't see why you need realtime "decoding" of the vibrations. You record the
motion, then later analyze it. I'm sure different kinds of work involve
different patterns of typing (e.g. writing code uses different typing patterns
than transcribing legal documents) and those patterns can be recognized after
the fact to reconstruct most of the typing.

That said, there are much easier methods to go about obtaining keystrokes from
a victim ...

------
codeulike
_Our application instead detects and decodes keystrokes by measuring the
relative physical position and distance between each vibration. We then match
abstracted words against candidate dictionaries and record word recovery rates
as high as 80%._

So we're all going to have to use constantly vibrating keyboards now to fool
the accelerometers. Oh great.

~~~
DanBC
I'd be interested to see what happens if the keyboard is put on rubber
grommets or a sponge mousepad.

It'd be tricky to get enough damping without making the typing action
horrible, I think.

~~~
mseebach
Put your phone on something soft? I like to leave mine on a sponge mousepad so
the vibration doesn't amplify through the table.

------
iandanforth
This is a real problem. You should be scared. Also, you should buy a VibraDamp
Laptop/Keyboard mat from me. Protect yourself today! For added protection I
will also make up and sell a VibraDamp Mini to keep your phone on!

~~~
twic
Made out of the finest hatter's tinfoil!

------
mbq
I wouldn't submit such a thing without checking how the accuracy changes when
the phone is relocated, when the desk is changed or even when a different
specimen of the same keyboard type is used. But I strongly agree that the
sensor access privilege is deeply underrated -- Android doesn't even mention
it!

------
nly
This made me install an Android app (Seismograph) to test to see how my Nexus
4 picked up my key presses. I had it set to the maximum sample rate, with my
phone on the desk as close to my laptop as possible whilst not touching it,
and it couldn't pick up anything. I suspect therefore this is more of an issue
for to-the-desk peripheral keyboards.

It does make me wonder though if the _sound_ of each individual key press is
subtle and unique enough to be identified.

------
djpowell
killnine: btw you have been hell-banned for the past 18 months. pretty harsh.

~~~
user24
wow. I can't even see what he did to deserve it.

~~~
waqf
Maybe people _really_ hated his/her link to a Google-bashing MSDN article? Can
you get an automatic hellban for sufficiently many downvotes?

------
javajosh
A very interesting generalization of Tempest [1].

Has anyone tried to recover keypresses from a video of someone typing? That
would be an interesting challenge, I would think, especially if the video is
at a poor angle.

[1] https://en.wikipedia.org/wiki/Tempest_(codename)

------
cscheid
Seems like a rare case where using this technique gives you much more entropy
from a good passphrase than from a good password (although I guess over the
shoulder watching is similar)

------
ChuckMcM
Ok, who wants to be the first person to build a usb powered 'thumper' which
sits on your desk and raises the noise floor for vibrations and defeats this
attack?

~~~
marshray
How about we just not buy products with a microphone or accelerometer that
doesn't also have a hard cutout switch?

~~~
ChuckMcM
That would be nice, but given that threat exists, paranoid people will want a
way to mitigate it.

~~~
marshray
s/paranoid/people who handle information of any value/

------
mekpro
Can this research be improved to turn all dumb keyboards into wireless ones?
I'm not sure about the technical limitations on how much this can be improved.

~~~
jl6
Nice idea for a battery-free wireless feature, but then I guess we'd be
complaining about this security issue.

------
JoachimS
I would love to see how much better the detection would be if the
accelerometer input was combined with the microphone.

------
OldSchool
Hopefully a disclosure like this prevents at least one patent.

------
chris_mahan
That won't work with the touchscreen keyboard.

------
matiasb
I thought about a similar idea some weeks ago :d

------
glifchits
Makes me want to try to learn DVORAK

~~~
hudibras
I've already added it to my "Here's the advantages of Dvorak, you should
totally join my cult" speech.

