  1. § Hannes said on :
    Here's the dialog box I want to see: "I've been listening to you type for a few hours now, and I know what the keys sound like. If it's more convenient, feel free to unplug your keyboard." :-)
  2. § tig said on :
    You make some good points.
  3. § DaveK said on :
    I would doubt that there would be enough acoustical information to differentiate taps on different points on a touch panel to be of use using this methodology. Of course, you might be onto something if you're talking about older CRTs where the glass tube would resonate slightly when tapped....but then, what would you be able to do with the collected statistics to convert it into "14 Votes for Mickey Mouse"?

    The ATM idea is kinda cool, though. If you record all of the acoustic signatures of the number pad before you place the "bug," then you could probably have the whole thing licked....possibly without much of the heavy-duty statistical analysis.
  4. § joe® Email said on :
    DaveL: You could imagine (in a very controlled environment,) it might be possible to use two or three mics to get an idea of how far from the mic a touchscreen tap was mad. Then you'll know where on the screen people tapped... this would be really tough to implement in the real world as an attack though.
  5. § DaveK said on :
    Joe: I suppose that you could try something like that, but the size of the monitoring rig may end up being suspiciously large. It would probably just be easier to plant a very tiny video camera. I'd be willing to volunteer my baby monitor ;)
  6. § tom ryan said on :
    your suggestion is problematic.

    1- it weakens the password - you might as well make it case insensitive.

    2- it shows an ignorance of how passwords are often stored... one way hashing prevents most anything being able to tell if something is "similar" to the stored password.
