It may be far less obvious than looking over your shoulder but disconcerting nevertheless: someone could access your information simply by using a smartphone to intercept the sound of your typing.
That’s what researchers from SMU's Darwin Deason Institute for Cybersecurity concluded. They found that acoustic signals, or sound waves, produced when typing on a computer keyboard can successfully be picked up by a smartphone which can in turn be processed, allowing a skilled hacker to decipher which keys were struck and what they were typing.
In an experiment with several people in a noisy conference room, the researchers successfully decoded much of what was being typed using common keyboards and smartphones—even with the sounds of other people typing and having conversations.
"We were able to pick up what people are typing at a 41% word accuracy rate. And we can extend that out—above 41%—if we look at, say, the top 10 words of what we think it might be," said Eric C. Larson, one of the two lead authors and an assistant professor in SMU Lyle School's Department of Computer Science, in an article appearing on eurekalert.org. The study was published in the June edition of the journal Interactive, Mobile, Wearable and Ubiquitous Technologies. The study’s co-authors include Tyler Giallanza, Travis Siems, Elena Sharp, Erik Gabrielsen and Ian Johnson, all current or former students at the Deason Institute.
According to lead author Mitch Thornton, director of SMU's Deason Institute and professor of electrical and computer engineering, obtaining information could take as little as a few seconds.
"Based on what we found, I think smartphone makers are going to have to go back to the drawing board and make sure they are enhancing the privacy with which people have access to these sensors in a smartphone," Larson said in the article.
In their experiment, the researchers arranged several people in the conference room, talking to each other and taking notes on a laptop. As many as eight mobile phones were placed on the same table as their laptop or computer, kept anywhere from three inches to several feet away from the computer, according to Thornton.
Study participants did not have to follow any script and could use either use shorthand or full sentences and were allowed to either correct typewritten errors or leave them as they saw fit.
"We were looking at security holes that might exist when you have these 'always-on' sensing devices—that being your smartphone," Larson said. "We wanted to understand if what you're typing on your laptop, or any keyboard for that matter, could be sensed by just those mobile phones that are sitting on the same table.
Thornton noted that because smartphones have a number of sensors that always remain on, it was relatively easy to develop an app that processed the sensor output to predict the key that was pressed by a typist.
There are some factors that could potentially slow down a potential hacker, the scientists noted.
"An attacker would need to know the material type of the table," Larson said, because different tables create different sound waves when you type. For instance, a wooden table like the kind used in this study sounds different than someone typing on a metal tabletop.
He added, "An attacker would also need a way of knowing there are multiple phones on the table and how to sample from them."