Multitasking while on call especially on Skype is good for productivity, but not much for privacy.
Typing while calling on Skype or other VoIP (Voice over Internet Protocol) services it presents an opportunity for attackers to record the communication, distinguish emanations from the typing, and use previous knowledge to analyze the sounds of keystrokes to guess what’s being typed.
The research paper “Don’t Skype & Type! Acoustic Eavesdropping in Voice-over-IP,” by Daniele Lain and Mauro Conti from the University of Padua, Alberto Compagno of the University of Rome, and Gene Tsudik of University of California Irvine.
Tsudik while talking to Kaspersky Lab said the previous similar attacks require an attacker to be physically close to the victim and accurately profile victim’s physical keyboard model and typing style. All of this cumulated to a generally impractical attack. However, the attack discussed in the research paper is different from these attacks.
The new attack takes on the old attack and applies existing analytical techniques through machine learning tools.
“The main idea is the same; most physical keyboards make distinct sounds, like musical instruments,” Tsudik said. “Each key on the same keyboard sounds a little differently and produces sufficiently different sounds to map them to different keys.”
The accuracy level of attack is high, even if the attacker has little knowledge of victim’s typing inclinations. Accurately guessing a random keystroke happens 92 percent of the time. If an attacker has no knowledge of these attributes, his accuracy level is still 42 percent.
The research demonstrates proof-of-concept that attackers can steal sensitive information from skype sessions, such a banking details, the content of the email. Tsudik pointed out that On-Screen keyboard is immune to such attacks.
The researchers are moving forward with the research to expand their work to other VoIP services such as Google Hangouts.
“We are starting to analyze Hangouts as a sanity check to see if it’s not just a Skype thing,” he said. “We will broaden the attack to include more keyboards. My guess is that it will get easier and faster with external keyboards and with noise in the background where there talking over typing. My guess is there would be still a possibility of high accuracy, but we need proof.”
Share this article
About the Author
Peter Buttler an Infosec Journalist and Tech Reporter, Member of IDG Network. In 2011, he completed Masters in Cybersecurity and technology. He worked for leading security and tech giants as Staff Writer. Currently, he contributes to a number of online publications, including The Next Web, CSO Online, Infosecurity Mag, SC Magazine, Tripwire, GlobalSign CSO Australia, etc. His favorite areas Online Privacy, AI, IoT, VR, Blockchain, Big Data, ML, Fintech, etc. You can follow him on twitter.
More from Peter ButtlerRelated Posts
Passengers’ Data Stored on User Devices, not on DigiYatra Storage, says India Govt
KEY TAKEAWAYS Unblocking streaming content from Amazon Prime is easy only if you know the reliable V...
NCSC Chief: Clear Rules Needed to Prevent Cyberspace Conflict and Struggle
A safe and secure digital world necessitates a clear definition and enforcement of international cyb...
‘Revive’ has been upgraded to a banking Trojan on Android
This month, Cleafy’s security researchers discovered a new Android Banking Trojan in the wild....
Asian Industrial Control Systems Targeted by Hackers Using the Shadowpad Backdoor
Unpatched Microsoft Exchange servers in various Asian countries were the target of an attack campaig...
Data Breaches Could Occur Due to Kubernetes Misconfigurations That Were Leaked.
Over 900,000 Kubernetes (K8s) have been discovered to be vulnerable to malicious scans and/or data-e...
Attacks by Cybercriminals Will Become the Main Threat in 2024. Privacy Issues Tendencies
Internet Privacy is the main Concern today Advertisers track your online activities and interf...
