Keyboard Acoustic Emanations Revisited
ACM Transactions on Information and System Security 2009, University of California, Berkeley.
Abstract: We present a novel attack taking as input a 10-minute sound recording of a user typing English
text using a keyboard and recovering up to 96% of typed characters. There is no need for training recordings labeled with
the corresponding clear text. A recognizer bootstrapped from a 10-minute sound recording can even recognize random text
such as passwords: In our experiments, 90% of 5-character random passwords using only letters can be generated in fewer
than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts by an adversary.
In the attack, we use the statistical constraints of the underlying content, English language, to reconstruct text from
sound recordings without knowing the corresponding clear text. The attack incorporates a combination of standard machine
learning and speech recognition techniques, including cepstrum features, Hidden Markov Models, linear classification, and
feedback-based incremental learning
with training data: apply several acoustic processing then machine learning without training data: feature extraction -> clustering -> language model
Keystroke Recognition Using WiFi Signals
ACM MobiCom 2015, Michigan State University & Nanjing University
...In this paper, we show for the first time that WiFi signals can also be exploited to recognize keystrokes. The intuition
is that while typing a certain key, the hands and fingers of a user move in a unique formation and direction and thus
generate a unique pattern in the time-series of Channel State Information (CSI) values, which we call CSI-waveform for
When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals
ACM SIGSAC Conference on Computer and Communications Security 2016, Shanghai Jiao Tong University & University of Massachusetts at Boston & University of South Florida
...WindTalker is motivated from the observation that keystrokes on mobile devices will lead to different hand coverage
and the finger motions, which will introduce a unique interference to the multi-path signals and can be reflected by the
channel state information (CSI). WindTalker presents a novel approach to collect the target's CSI data by deploying a
public WiFi hotspot.
successfully recover 2, 4, 7 and 9 passwords if allowing to try the password input for 5, 10, 50 and 100 times (or Top
5, 10, 50, and 100 candidates).