
Researchers recover typed text using audio recording of keystrokes (2005) - AndyBaker
http://berkeley.edu/news/media/releases/2005/09/14_key.shtml
======
jaysonelliot
My uncle was a career NSA man. In the 1970s, his job (I learned decades later)
was to modify and maintain all the typewriters in the White House so their
keystrokes couldn't be used to identify what was being typed on them.
Presumably the concern was that something like a Buran eavesdropping system
could be used to detect vibrations in windows, and the sound of the typewriter
keys then extracted and analyzed to recover the text.

My grandfather (also career NSA) used to tell me that it would seem like
fiction if people knew some of the things that technology and a good
cryptanalyst could do. I think he was right.

~~~
keithpeter
_"his job (I learned decades later) was to modify and maintain all the
typewriters in the White House so their keystrokes couldn't be used to
identify what was being typed on them."_

How would you do that? Soundproofing? Delay on the mechanical action? What is
the fingerprint that allows transcription of a sound sample?

[https://www.freesound.org/people/keithpeter/sounds/123344/](https://www.freesound.org/people/keithpeter/sounds/123344/)

have at it...

~~~
candeira
If I was given this job, not knowing anything about typewriters or spying, my
first plan would be to modify all typewriters regularly by switching parts
around according to a random draw, and also by rejigging any calibration
settings (individual letter height, etc). This would modify both the sound of
the typewriters and the fingerprints of the actual typed output [1].

This way, there would never be a per-typewriter profile, because all machines
are randomised every week. Obviously, I'd also have a white-room analysis team
checking whether the scheme works.

Maybe someone who knows more about typewriters could tell me whether this
would work at all, or there is a fatal flaw.

[1]
[http://scholar.google.com.au/scholar?q=%22typewriter+identif...](http://scholar.google.com.au/scholar?q=%22typewriter+identification%22&btnG=&hl=en&as_sdt=0%2C5)

------
sillysaurus3
Link to the paper:
[http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_E...](http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_Emanations_Revisited/tiss.preprint.pdf)

It's pretty interesting. It's an algorithm which, given a recording of you
typing out several HN comments, can generate an acoustic profile of how you
type on your particular keyboard. By assuming that you're typing English, it
can infer what words you're typing based on its rough guess, and then it can
train itself to recognize keystroke sounds that it previously got wrong. After
a few times of doing this, it claims to be accurate enough to recover your
passwords from a recording of you typing them in.

------
danbruc
Related: (sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile
Phone Accelerometers

[http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf](http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf)
(Not working for me right now.)

[http://dl.packetstormsecurity.net/papers/general/traynor-ccs...](http://dl.packetstormsecurity.net/papers/general/traynor-ccs11.pdf)

------
pdubs
Some of the previous work on this involving timing attacks against SSH [1] is
particularly interesting because it's so obvious in retrospect, but no one saw
it when SSH was being designed.

[1] [http://www.cs.berkeley.edu/~daw/papers/ssh-use01.pdf](http://www.cs.berkeley.edu/~daw/papers/ssh-use01.pdf)

~~~
EGreg
About the nested ssh attack - I don't get it, how come the ssh client on B
waits until return is hit to send the password but the client on A doesn't?

------
antr
fwiw, when i used to work in finance, the team i was in used to handle very
sensitive market-moving data. one day, without warning, all of the office's
keyboards and mice were changed to "more secure hardware/peripherals" by
orders of the cio and its staff. this was in 06/07, at the time i thought they
were paranoid - now i think otherwise.

~~~
gamegoblin
Do you know what was different about them?

~~~
antr
i remember all wireless devices were made wired, all keyboards were
non-mechanical, very simple/traditional layout (no multimedia keys, etc) and no
usb interface. i'm sure there was more to it, but that is all i saw/remember.

------
programd
This is a very old idea. I recall that in the 1987 book "Spycatcher" Peter
Wright wrote about listening to typewriter keystrokes through a microphone bug
in some embassy. He was the head scientist in British intelligence and the
book caused a bit of a stir at the time, being the subject of censorship
attempts. I think this audio bugging of keystrokes may go back to the 1960s.

------
userbinator
I wonder how well this would work for really fast (150WPM+) typists, since at
that speed the keys are often being hit simultaneously by many fingers and it
becomes much harder to distinguish the individual sounds. The spacebar still
remains distinct-sounding, however.

~~~
webreac
fast typists are more regular. This should create patterns easier to
recognise.

------
dasil003
Doubt they will make it very far with me since I do most of my keystrokes in
vim. I'll stick to being paranoid about Van Eck phreaking.

------
higherpurpose
Now smartphones will need protection against listening to keystrokes from the
environment around them.

