The Economist has a story about a group of academics that were able to create some software to extract keystrokes by just listening to people typing [the article is unfortunately now behind the Economis paywall, but Google’s still got a cached version which probably won’t last long itself]. The method is actually pretty straightforward:
The new approach employs methods developed for speech-recognition software to group together all the similar-sounding keystrokes in a recording, generating an alphabet of clicks. The software tentatively assigns each click a letter based on its frequency, then tests the message created by this assignment using statistical models of the English language. For example, certain letters or words are more likely to occur together–if an unknown keystroke follows a “t”, it is much more likely to be an “h” than an “x”. Similarly, the words “for example” make likelier bedfellows than “fur example”. In a final refinement, the researchers employed a method many students would do well to deploy on term papers: automated spellchecking.
The solution to potential security breaches: Turn up the music.