How Your Smartphone's Accelerometer Could Uncover Your Passwords

By Wesley Fenlon

A research project proves that accelerometers can actually pick up on computer keyboard keystrokes through desk vibrations.

Live Free or Die Hard took certain liberties with technology as big, stupid action movies so often do. Magic movie hacking can do just about anything, which makes it a pretty convenient (and completely unbelievable) plot device. The scary (exciting?) thing is, even crazier hacking exists in the real world.

Take this research project from Georgia Tech, for instance: it uses a smartphone's accelerometer to listen in on the keystrokes you enter on a computer keyboard and can actually figure out your passwords from typing vibrations.

When a smartphone is placed on a desk beside a keyboard, the accelerometer can be used to pick up vibrations carried across that hard surface. The accelerometer the team used inside an iPhone 4 sampled 100 times per second, which wasn't fast enough to pick up every individual keystroke. So the team got smart and analyzed which side of the keyboard a stroke was coming from. After that, they analyzed the time between keystrokes to develop potential keystroke pairs.

By comparing those potential pairs to a dictionary, they were able to piece together passwords with up to 80 percent accuracy.

Of course, that's all under ideal circumstances. Don't keep your phone on you desk? Hackers thwarted. Work in a noisy building or a skyscraper that bends with the wind? Hackers thwarted. Keep your laptop and phone on a tile counter? The accelerometer can't pick up vibrations. Pine and glass desks were most effective.

Even under the perfect conditions, there's still the issue of hacking the phone and being able to dump or monitor that accelerometer data. More trouble than it's worth? Almost definitely. But next time you scoff at the ridiculous hacking in a movie, don't be so sure it's actually impossible.