MONTREAL (CUP) — Identity theft, the act of stealing personal information and using it fraudulently to establish credit, run up debt, or take over financial accounts, is more common than most people think. In most cases, it goes unnoticed until it is too late.
A 2003 U.S. Federal Trade Commission survey estimated that nearly 10 million Americans were victims of some form of identity theft within the past year. This is three times the number recorded in 2001.
Doug Tygar, Professor of Computer Science and Information Management at the University of California, Berkeley, explained that computer passwords are key to identity theft.
“From home-banking to logging into webmail accounts, it’s all using passwords. The problem with passwords is that they are a horrible technology. There are lots of way to steal passwords,” he said.
One of these ways he invented himself, a microphone with a built-in software program that can decipher what someone is typing by the sounds of the keys. To most people, the clicks of the keyboard all sound the same.
“If you take two different keys at two different positions and listen to them for a while they will actually sound different. They may sound the same to you because you never pay attention to the difference,” he said.
According to Tygar, the technology behind this unique and controversial invention is not complicated. Keyboards, he explained, contain metal plates that act like steel drums. Depending on where the “drum” is hit, a different sound will be produced. The sounds are recorded, and the software groups each letter, assigning it to a specific sound.
The software was originally designed for speech analysis, explained Tygar.
“What we try to do is, like in speech, break the keyboard sounds into different groups, grouping sounds and keys together,” he said.
After the sounds are grouped, they are deciphered and the corresponding letters are produced. The analyzer works like a cryptograph, using a mathematical program capable of encoding messages.
“Suppose we have the three-letter word ‘thr’ encoded by the spelling analyzer. This is probably the word ‘the.’ By refining our techniques, we can eventually distinguish between an ‘e’ and ‘r’ key,” said Tygar, adding that differentiating between the subtle sounds is one of the main hurdles in perfecting the invention.
“Sometime we may make a mistake and group the ‘e’ and ‘r’ together since they are right next to each other on the keyboard. Also ‘k’ can be grouped differently depending on the sound it makes when it is hit at different angles by the typist,” he said.
The technology’s flaws, however, are insignificant considering its 96 per cent accuracy rate. Tygar even insists that he could achieve 100 per cent accuracy if he continued to refine their techniques. But this was not the intention of his creation.
“What we are trying to say is we need to use something better than passwords, we need to think hard about the weak points of our security,” he said.
If reproduced by the wrong people, the technology could be a dangerous tool for retrieving passwords for online bank accounts, email addresses, University transcripts, hospital records, and much more.
A spokesperson from the Canadian Security Intelligence Services, Canada’s spy agency, refused to comment on whether the organization would be interested in purchasing Tygar’s technology if it became available on the market. She did, however, acknowledge that this type of technology could become problematic.
“I think you can imagine how big it could become. Companies would put it in without people knowing,” she said.
But Tygar is not about to hand over his invention to government agencies or companies.
“We are not willing to give this software to companies, except for legitimate research investigations. However it is not hard to reproduce the results,” he said. “We are hoping to see lots of organizations adopt better methods for password authentication.”