Keyboard sniffing through audio recorded typing patterns

In a similar vein, but slightly different. Rather than using audio recordings this link shows that you can point a laser at the back of a laptop monitor and determine what is being typed based on the vibrations of the screen.

Here is the original presentation slides


This is known as "Acoustic Keyboard Eavesdropping". In 2004 Dmitri Asonov and Rakesh Agrawal from IBM published a paper (pdf) that describes such an attack. The following is the abstract of that paper:

We show that PC keyboards, notebook keyboards, telephone and ATM pads are vulnerable to attacks based on differentiating the sound emanated by different keys. Our attack employs a neural network to recognize the key being pressed. We also investigate why different keys produce different sounds and provide hints for the design of homophonic keyboards that would be resistant to this type of attack.

Berkeley researchers reached similar results in a paper published in 2005 (pdf). The following is taken from the abstract of that paper:

We examine the problem of keyboard acoustic emanations. We present a novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard and recovering up to 96% of typed characters. There is no need for training recordings labeled with the corresponding clear text. A recognizer bootstrapped from a 10-minute sound recording can even recognize random text such as passwords: In our experiments, 90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts by an adversary. In the attack, we use the statistical constraints of the underlying content, English language, to reconstruct text from sound recordings without knowing the corresponding clear text.


The motion sensor in a mobile phone can be used to wirelessly tap a keyboard by placing the phone close to the keyboard. A similar and clever approach to your suggestion.

I believe it's discussed in this TED talk: http://www.ted.com/talks/avi_rubin_all_your_devices_can_be_hacked.html .