The government is spying on us and now we’re spying on each other. Here’s the latest, and it’s a pattern that repeats itself daily in hundreds of millions of offices and coffee shops around the world: People sit down, turn on their computers, set their mobile phones on their desks and begin to work. What if a hacker could use that phone to track what the person was typing on the keyboard just inches away? A research team has discovered how to do exactly that, using a smartphone accelerometer–the internal device that detects when and how the phone is tilted–to sense keyboard vibrations and decipher complete sentences with up to 80% accuracy.

Researcher Patrick Traynor says, "We first tried our experiments with an iPhone 3GS, and the results were difficult to read, but then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack." The technique works through probability and by detecting pairs of keystrokes, rather than individual keys (which still is too difficult to accomplish reliably).

It models "keyboard events" in pairs, then determines whether the pair of keys pressed is on the left versus right side of the keyboard, and whether they are close together or far apart. After the system has determined these characteristics for each pair of keys depressed, it compares the results against a preloaded dictionary, each word of which has been broken down along similar measurements.

The technique only works reliably on words of three or more letters (so you’re OK if you tend to use long words).

