Overclock.net › Forums › Industry News › Software News › [CNN] Smartphones Can Use Vibrations to Steal Passwords
New Posts  All Forums:Forum Nav:

[CNN] Smartphones Can Use Vibrations to Steal Passwords - Page 4

post #31 of 37
Thread Starter 
Quote:
Originally Posted by kabj06 View Post
I wonder what would happen if they tried this on a DVORAK board!
Quote:
Originally Posted by Boyboyd View Post
Soloution:

Use a Dvorak layout.
The algorithm would just map to keystrokes. Some pattern analysis would assist in determine which standard keyboard layout is being used.


Quote:
Originally Posted by Epitope View Post
Large data sets? Wouldn't you notice that strange iphone sitting on your desk after a few days?
Not if someone installed it on YOUR phone.

How hard would it be to swipe a phone, install some hidden software, and return phone? Most people just don't check their running services on smartphone.

Intelligence offices could do this..... or you could do this to your GF....
Edited by DuckieHo - 10/19/11 at 12:22pm
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #32 of 37
It doesn't work how you are thinking. It does not use the unique vibration signature of each individual key, that would require some previous knowledge of each individual keyboard* and also a more accurate accelerometer. What it does is locate the approximate position of the key stroke and the timing between them, this then gives them a chance to approximate the key stroke pairs with 80% accuracy.

From the attached article:

Quote:
Originally Posted by Article
The accelerometer in the phone the researchers used samples only 100 times a second, so they did not have enough data to determine the exact keys struck. Instead, the researchers used the data from the accelerometer to determine whether key taps were on the right or left side of the keyboard and to gauge the delays between keystrokes. Using this information, they were able to figure out a list of potential keystroke pairs. The results were then compared with a 58,000-entry dictionary.
Edit:

* I suppose with enough time you could determine each key characteristic from the keystrokes. Just compare the pattern with known languages. For example 1-3-4-4-8 might mean nothing until you gather enough data, then from patterns you can begin to guess what each number means, e.g. 1=H, 3=E, 4=L and 8=O.

Edit2:

Quote:
Originally Posted by DuckieHo View Post
...or you could do this to your GF....
Duckie, there are times when I really worry about you. There is this thing called trust you know?
Edited by GingerJohn - 10/19/11 at 12:33pm
Main
(21 items)
 
HTPC
(10 items)
 
 
CPUMotherboardGraphicsRAM
i5 2550k P8P67 Pro Sapphire HD 7950 G.Skill RipJaws X 1600 Cas 9 
Hard DriveHard DriveHard DriveCooling
Corsair Force 120 WD Blue 500GB WD Caviar Green 1TB XSPC RayStorm 
CoolingCoolingCoolingCooling
RX240 MCR 220 EK 7950 Copper Acetal  DDC-1T 
OSMonitorMonitorKeyboard
Windows 7 64-bit Dell U2311H Oculus Rift DK2 Ducky Shine 3 MX Brown 
PowerCaseMouseAudio
Corsair TX 750W CoolerMaster CM690 II G500 Klipsch ProMedia 2.1 
Audio
Asus Xonar DX 
CPUMotherboardRAMHard Drive
A10-6800K Gigabyte GA-F2A85XN-WIFI G Skill 1600 CAS9 Kingston SSD Now 60GB 
Hard DriveOptical DriveCoolingOS
WD Caviar Blue 1TB LG Slim Blu-Ray player Silverstone NT06-PRO  Widows 7 Home Premium 
PowerCase
Silverstone Sfx Series ST45SF 450W Silverstone SG05 
  hide details  
Reply
Main
(21 items)
 
HTPC
(10 items)
 
 
CPUMotherboardGraphicsRAM
i5 2550k P8P67 Pro Sapphire HD 7950 G.Skill RipJaws X 1600 Cas 9 
Hard DriveHard DriveHard DriveCooling
Corsair Force 120 WD Blue 500GB WD Caviar Green 1TB XSPC RayStorm 
CoolingCoolingCoolingCooling
RX240 MCR 220 EK 7950 Copper Acetal  DDC-1T 
OSMonitorMonitorKeyboard
Windows 7 64-bit Dell U2311H Oculus Rift DK2 Ducky Shine 3 MX Brown 
PowerCaseMouseAudio
Corsair TX 750W CoolerMaster CM690 II G500 Klipsch ProMedia 2.1 
Audio
Asus Xonar DX 
CPUMotherboardRAMHard Drive
A10-6800K Gigabyte GA-F2A85XN-WIFI G Skill 1600 CAS9 Kingston SSD Now 60GB 
Hard DriveOptical DriveCoolingOS
WD Caviar Blue 1TB LG Slim Blu-Ray player Silverstone NT06-PRO  Widows 7 Home Premium 
PowerCase
Silverstone Sfx Series ST45SF 450W Silverstone SG05 
  hide details  
Reply
post #33 of 37
Quote:
Originally Posted by DuckieHo View Post
The algorithm would just map to keystrokes. Some pattern analysis would assist in determine which standard keyboard layout is being used.



Not if someone installed it on YOUR phone.

How hard would it be to swipe a phone, install some hidden software, and return phone? Most people just don't check their running services on smartphone.

Intelligence offices could do this..... or you could do this to your GF....
My phone is password protected and I also regularly shut down all apps with my task manager to maximize battery life. It's also inside a silicon case which I assume would absorb much of the vibration. I'm safe

"The results were then compared with a 58,000-entry dictionary"

My passwords also aren't real words so I'm safe again. They are all a mix of letters numbers and symbols that I remember for personal reasons. Since they try to determine what side of the keyboard you are typing on I imagine that pressing something like the right shift key and 1 to make ! would throw it off.
Edited by Epitope - 10/19/11 at 12:34pm
    
CPUMotherboardGraphicsRAM
i7 950 3.2 GHz at 1.0V Asus Rampage III Formula Asus HD6870 6GB Mushkin Redline 1600MHz 6-8-6-24 
Hard DriveOptical DriveCoolingOS
Samsung 250 GB SSD,2X 1TB F3, 250GB WD Blue, 1T... Asus BD Megahalems black chrome edition Windows 7 Professional 
MonitorKeyboardPowerCase
2x Asus 24" Mac keyboard Enermax ERV950EWT Silverstone FT02 
MouseMouse PadAudio
Logitech MX518 Steelseries I-2 Onkyo 1000W 7.1 surround through HDMI 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i7 950 3.2 GHz at 1.0V Asus Rampage III Formula Asus HD6870 6GB Mushkin Redline 1600MHz 6-8-6-24 
Hard DriveOptical DriveCoolingOS
Samsung 250 GB SSD,2X 1TB F3, 250GB WD Blue, 1T... Asus BD Megahalems black chrome edition Windows 7 Professional 
MonitorKeyboardPowerCase
2x Asus 24" Mac keyboard Enermax ERV950EWT Silverstone FT02 
MouseMouse PadAudio
Logitech MX518 Steelseries I-2 Onkyo 1000W 7.1 surround through HDMI 
  hide details  
Reply
post #34 of 37
Quote:
Originally Posted by DuckieHo View Post
Large datasets + pattern recognition algorithms (which utilize statistical probablilty, signal processing/wave transformation, error correction, tolerances, etc).
How many keystrokes does Joe User type in a day? How many of those keystrokes are his password? A large dataset isn't going to do much good if most of what's being typed is not the password.

Now, if you're also logging the time of the keystrokes, then the large dataset becomes useful. The dataset can potentially be used to correlate specific vibrations with individual letters and numbers; and knowing when a password is most likely to be entered (for example, after 20+ minutes of silence) could help an attacker to identify the password-specific keystrokes that were also used in other tasks.

Of course, all of this assumes that the phone's orientation and position relative to the keyboard remains absolutely constant during the entire logging event. Slide the keyboard a few inches away, or rotate the phone, and the vibrations will have different harmonics.

Quote:
Originally Posted by Epitope View Post
So the moral of the story is to rapidly bang on the desk with one hand while typing in the password with the other.
I think I just found a way to get my employer to buy me that 5.1 stereo system. The subwoofer just became a vital tool for information security.
    
CPUMotherboardGraphicsRAM
i5-2500k ASRock Z68 Extreme3 Gen3 Asus GTX560 Ti 8GB G.SKILL 
Hard DriveOptical DriveCoolingOS
1x 120GB SSD; 2x160GB; 750GB DVD-RW CM Hyper-212+ Win7 Pro 
MonitorPowerCase
1920x1200 24" Corsair 650 CM 690 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i5-2500k ASRock Z68 Extreme3 Gen3 Asus GTX560 Ti 8GB G.SKILL 
Hard DriveOptical DriveCoolingOS
1x 120GB SSD; 2x160GB; 750GB DVD-RW CM Hyper-212+ Win7 Pro 
MonitorPowerCase
1920x1200 24" Corsair 650 CM 690 
  hide details  
Reply
post #35 of 37
Quote:
Originally Posted by GingerJohn View Post
Duckie, there are times when I really worry about you. There is this thing called trust you know?
If her phone had a forward facing camera, you could create a mirror app that *cough* unknowingly takes a picture with both cameras *cough*. That way you could tell if she was in danger?

But, don't be surprised if you wake up with a neck pain.
Lil Burninator
(14 items)
 
  
CPUMotherboardGraphicsRAM
i7 4770K ASUS Gryphon CF R9 290Xs Samsung 4x4GB 
Hard DriveCoolingOSMonitor
Samsung EVO 1TB 2x 240s | 360 | MPC35X | Mostly BP W7 Pre x64 XL2720T 
KeyboardPowerCaseMouse
K70 AX1200 CaseLabs S5 + Ped G700/Mamba 
Mouse PadAudio
Vespula WA7 + KRK RP6s + HD650s 
  hide details  
Reply
Lil Burninator
(14 items)
 
  
CPUMotherboardGraphicsRAM
i7 4770K ASUS Gryphon CF R9 290Xs Samsung 4x4GB 
Hard DriveCoolingOSMonitor
Samsung EVO 1TB 2x 240s | 360 | MPC35X | Mostly BP W7 Pre x64 XL2720T 
KeyboardPowerCaseMouse
K70 AX1200 CaseLabs S5 + Ped G700/Mamba 
Mouse PadAudio
Vespula WA7 + KRK RP6s + HD650s 
  hide details  
Reply
post #36 of 37
Cool concept on already founded proofs.

Stealing information through signal processing is a real reality.
http://news.cnet.com/8301-1009_3-10200631-83.html
Rig 2.0
(16 items)
 
  
CPUMotherboardGraphicsRAM
i7 3770k Asus P8Z77-V EVGA GTX780 SC ACX Samsung DDR 3 (2 DIMMS) MV-3V4G3D/US 
Hard DriveHard DriveOptical DriveCooling
Samsung 830 SSD WD Caviar Black Asus DVD/RW Xigmatek s-1283 HDT (Air Cooling) 
CoolingCoolingOSMonitor
Scythe Slipstream 1200RPM (x2) Antec 140mm + Antec 120mm + Xigmatek 120mm (x2) Win 7 64bit Acer S243HL bmii - 24" 
PowerCaseMouseAudio
Corsair TX750 Corsair Carbide 300R MX 518 Auzentek X-Fi Forte 7.1 
  hide details  
Reply
Rig 2.0
(16 items)
 
  
CPUMotherboardGraphicsRAM
i7 3770k Asus P8Z77-V EVGA GTX780 SC ACX Samsung DDR 3 (2 DIMMS) MV-3V4G3D/US 
Hard DriveHard DriveOptical DriveCooling
Samsung 830 SSD WD Caviar Black Asus DVD/RW Xigmatek s-1283 HDT (Air Cooling) 
CoolingCoolingOSMonitor
Scythe Slipstream 1200RPM (x2) Antec 140mm + Antec 120mm + Xigmatek 120mm (x2) Win 7 64bit Acer S243HL bmii - 24" 
PowerCaseMouseAudio
Corsair TX750 Corsair Carbide 300R MX 518 Auzentek X-Fi Forte 7.1 
  hide details  
Reply
post #37 of 37
Quote:
Originally Posted by subliminally incorrect View Post
turn off vibrations and sounds and you cant get hacked!

and you save battery life!
clearly didn't read the article OR the quote....
    
CPUGraphicsRAMHard Drive
i5-2410M @ 2.9ghz Nvidia GT 540M 1GB DDR3 4GB DDR3 1333mhz 500GB 5400rpm 
OSMonitorPowerCase
Win 7 Home 64 1366x768 gloss 90w power brick Acer 
  hide details  
Reply
    
CPUGraphicsRAMHard Drive
i5-2410M @ 2.9ghz Nvidia GT 540M 1GB DDR3 4GB DDR3 1333mhz 500GB 5400rpm 
OSMonitorPowerCase
Win 7 Home 64 1366x768 gloss 90w power brick Acer 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [CNN] Smartphones Can Use Vibrations to Steal Passwords