An interesting article has been released to the public dubbed Keyboard Acoustic Emanations Revisited, long story short, someone recording your keystrokes can recover the typed plain text.

This method is quite effective producing results of 90% successful recovery of a 5 characters password, and 80% successful recovery of a 10 characters password. This is pretty impressive for something recovered from the recording of the keystrokes.

One thing is for sure I will be making more use of cap lock, shift, alt and control combinations to try and avoid making it easy to recover the password as well as add in lots of coughing!

By the way the conclusion from the article is:
Our new attack on keyboard emanations needs only acoustic recording of typing using a keyboard and recovers the typed content. Compared to previous work that requires clear-text labeled training data, this attack is much more general and serious in nature.

More important, the techniques we use to exploit inherent statistical constraints in the input and to perform feedback training can be applied to other emanations with similar properties. Prototype code (in Matlab and Java) of the attack and the data sets used in this paper are available at http://www.keyboard-emanations.org.

-

Is your site safe from SQL Injection? Sign up for an Automated Vulnerability Detection Service today!