Password-based Systems Might be Hacked through Keyboard Sounds

Date: 2019-09-03
Author: Adam Bostwick, Business Development

Next >> vSECCMS It is all about Connections

Previous << Biometrics hack puts 1 million in jeopardy

Listen up! In yet another study showing the flaws in password-based computer security systems, the Southern Methodist University in Texas is reporting that it's possible to guess a person's password simply by listening to the sounds made by keyboard keys as they are pressed.

It seems each key makes a different sound - perhaps too subtle for most human ears to discern, but not too subtle for smartphones and other devices capable of "listening." The study showed that phones pick up on the acoustic signals and the differences made by various keys.

In their study, the researchers set up eight phones and placed them near the computer keyboard - from just inches away to several feet away. The study showed that the accuracy of determining what was being typed through the filter of the phone was as high as 41 percent.

While the accuracy number is not staggeringly high, the concern is that with many people still using very generic passwords hacking systems designed to decipher computer keyboard clicks the accuracy rate of grabbing overly simple passwords could be higher.

So what can we do? The remedies include using two-factor authentication, preferably with one of them having no potential audio element (such as a dongle or smartcard) or having one of the passwords auto-filled from a secure browser plug-in so there are no keyboard clicks.

With most of us filling our homes with devices that can "listen" to us - think Amazon Alexa, Apple's Siri, Google Assistant and more - protecting against potential hacks of whatever we are typing (not just passwords) will be near impossible. We've asked this question before - has convenience made us reckless with our security? For most of us, the answer is probably yes. But there are some simple steps, including two-factor authentication, that can certainly help keep our data more secure.

Versasec Support

Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.


Company Blog

Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact. To learn more, bookmark our blog![more]