Careful or they'll hear your password

[David Farber <dave () farber net>]

Begin forwarded message:

From: Monty Solomon <monty () roscom com>
Date: September 16, 2005 1:08:27 AM EDT
To: undisclosed-recipient:;
Subject: Careful or they'll hear your password



Careful or they'll hear your password

September 15, 2005

Computer scientists at the University of California at Berkeley have
found a new way to crack computer passwords: By listening.

Professor Doug Tygar and graduate student Li Zhuang use off-the-shelf
microphones to record keystroke sounds and run the noise through a
modified program originally designed to recognize human speech. On
its first pass, the program correctly identifies only half the typed
letters. The results are then fed through software that spots
spelling and grammar errors. Data from these programs are used to
train the keystroke recognizer, so that it gets more accurate with
each pass. By the third run, ''we get 96 percent of all the
characters," said Tygar.

Tygar said that when assigned to crack a 10-digit password, the
software replies with 75 possibilities. ''This means we can break
into one of every 75 people's accounts, on the first try," he said.

Even more alarming, sound snoopers don't need direct access to the
computer. They could aim a sensitive parabolic antenna from a
building across the street. They might tap the target's telephone and
collect keystroke sounds from its microphone. Many computers even
have built-in microphones that ''Trojan horse" software could trick
into switching on and relaying the sounds to a remote location.

...

http://www.boston.com/business/technology/articles/2005/09/15/ 
careful_or_theyll_hear_your_password/



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/