Keyboard Clicks
Researchers at UC Berkeley claim they can just listen to keyboard taps and piece together a 96% accurate reconstruction of English words typed — and 90% of all randomly generated five-character passwords within 20 tries. The techniques used are “relatively easy” using a $10 PC microphone, open source spelling and grammar correction tools, and some custom code written by the researchers which will almost certainly end up on a torrent soon.
It is not necessarily an alarming revelation that this type of a technique can be successfully used to steal passwords or eavesdrop on whatever a person is typing. However, it is further evidence of the notion that the greatest vulnerabilities in any system are not the buffer overflows or the hidden backdoors or anything along those lines that only those with a background in Computer Science really have an understanding of. Instead, the greatest threat to any secure system is typically the password as well as the conscious care with which people choose, treat, store, and use these passwords.
