

How to acoustically snoop typed keystrokes - plasticbuddha
http://freedom-to-tinker.com/blog/felten/acoustic-snooping-typed-information

======
fleitz
Instead of using that technique why not ignore the sound of the keystrokes all
together and instead use timing techniques such as those used for snooping
passwords for SSH?

You can derive the keys by timing the small differences in the time it takes a
finger to reach each key. At least using this data should improve the accuracy
of the audio only method.

I wonder if you used two microphones whether you could triangulate the keys?

~~~
sukuriant
As a fun exercise for the reader, given two microphones X distance apart and a
sampling rate of each mic of 8khz, how far apart do the keys need to be to be
distinguishable from oneanother in STP.

~~~
fleitz
@ 8 Khz ~4 cm, however at 192Khz they'd only need ~1mm. Working backwards from
standard key spacing of 19.05 mm you'd need a sampling resolution of ~18Khz.

Because the mics are unidirectional you're looking at two constraints one that
the keys all fall within the union of two circles circumcribed on the points
defined by the mics (any key outside of that union has infinite solutions) and
the sample rate must be greater than speed of sound / keyspace distance.

I think using two mics would actually produce two solutions for each key, so
you'd need three mics. You could probably easily eliminate this using a hidden
markov model of english character usage.

~~~
sukuriant
I'm not so sure about the latter part. Could you expound upon that? I'm
vagualy familiar with a similar "infinite number of solutions" property with
regard to two cameras; however, assuming:

* the keyboard is on a flat plane and,

* all keys are on the same side of the plane that is defined by the line connecting the two microphones and tangent to the plane that the keyboard is on,

shouldn't a well placed couple of microphones have a single solution (within
the understood circle of uncertainty from sampling an analog signal)

[edit: clarified my question]

Actually, I think I know why it's not "that simple." All of my mental diagrams
assumed you knew the time from key impact to the sound being heard by the
first mic. This isn't the case. You only know the time between the first mic's
experience of the sound, and the second mic's experience of the sound. Given
that, you have a different set of constraints.

------
gpambrozio
Cool. I can't read the paper but I wonder how quiet does the environment has
to be for this to work. Does ac noise interfere with this?

Guess that's another reason to use an iPad...

~~~
sukuriant
Much of that can be filtered out, I'm sure.

