Patrick Traynor and colleagues at the Georgia Institute of Technology in Atlanta were able to use the motion sensors inside an iPhone to read keystrokes from a keyboard 5 centimetres away with up to 80 per cent accuracy.
The sensors don't recognise the vibrations of particular individual keys, but for consecutive pairs of keystrokes they can tell whether the keys are on the left or right of the keyboard and how close together they are.
This information is then matched to a dictionary to recreate the typed word. For example, the word "canoe" breaks down into four pairs: "CA", "AN", "NO" and "OE". The first pair is classified as left-left-near, the second is left-right-far, and so on.
The resulting patterns aren't unique to a particular word, but they are good enough to reconstruct a message when you already know something about its contents.
The team tested their algorithm on a dictionary of 799 words such as "mayor" and "ballot" gathered from news articles about an election in Chicago.
The algorithm provided its best guesses for matching patterns to words, identifying the correct word as a first guess 40 per cent of the time and as one of the top five guesses 80 per cent of the time.
"Context can help us figure out what was really typed when mistakes are made," says Traynor – and a human attacker could fill in the blanks by making their own guesses.
Read more at New Scientist