'Skype & Type' Attack Shows Feasability Of Acoustic Eavesdropping In VoIP Calls
Security researchers from the University of California, Irvine; the Sapienza University of Rome; and the University of Padua were able to reconstruct the sound of keystrokes as text from Skype voice and video calls. Malicious eavesdroppers could use this method to intercept sensitive and personal information of Skype users.
Acoustic Eavesdropping
Over the past few years, there has been more research into how keystroke sounds could be converted into the text that the surveillance target wrote at the time of the recording. However, those previous demonstrated attacks were not especially practical in the real world, according to the researchers of the current study.
In the previous studies, the attackers would need to be in close proximity to the target. They also needed to have precise profiling of the victim’s typing style and keyboard, as well as a significant amount of the victim’s typed information and its corresponding sounds.
Skype & Type
The researchers developed a new type of practical keyboard acoustic eavesdropping attack, which they called “Skype & Type” (S&T). The idea behind this research was that many people do other activities, such as typing on their keyboards, while they do VoIP (Voice-over-IP) calls.
According to the researchers’ paper, VoIP software can acquire acoustic emanations of pressed keystrokes and then transmit them to others in the call. Normally, this wouldn’t be an issue if you trust the person on the other side of the line, but calls can be intercepted, and the eavesdropper could be capturing the VoIP users’ keystrokes.
An attacker could capture keystrokes this way with an accuracy of 41.89% if there is absolutely no knowledge of the keyboard being used or of the target’s typing style. However, the accuracy goes up to 91.7% if there is some knowledge about the keyboard used and the user’s typing behavior. The researchers also noted that the “Skype & Type” attack is resilient against various bandwidth issues, confirming the feasibility of the attack.
Future Research
The researchers tested the attack only on a few laptops so far, which they thought would be a representative sample. Skype is also likely the most often used VoIP application on the desktop, so it made sense to test that application first. However, in the future, the researchers plan to use more laptop models to verify whether this attack can work well enough across all laptops.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
They also plan to test other applications such as Google’s Hangouts, and also create countermeasures to the attack they've already developed, so Microsoft, Google, and other companies can protect their users from this type of eavesdropping.
Intel looks beyond silicon, outlines breakthroughs in atomically-thin 2D transistors, chip packaging, and interconnects at IEDM 2024
iFixit now sells genuine Xbox replacement parts but at ridiculous prices — $599 for an Xbox Series X motherboard when a new console costs $499
US govt says Cisco gear often targeted in China's Salt Typhoon attacks on 8 telecommunications providers — issues Cisco-specific advice to patch networks to fend off attacks
-
targetdrone So now there is a security concern that can be used to ban blue switches, other loud keyboards and speaker phones form the office.Reply
Good -
cats_Paw Skype uses resources from your PC when its idle to no point in even keeping it on unless you are using it.Reply
But yeah, some of this crap is starting to look scary. -
targetdrone 18758389 said:Skype uses resources from your PC when its idle to no point in even keeping it on unless you are using it.
But yeah, some of this crap is starting to look scary.
If I'm understanding this "Eavesdropping attack" correctly the only thing scary about this is the sensationalized media reporting it. Use a voice canceling MICROPHONE and turn the volume just high enough so only YOUR voice is heard, then there is no way for skype(or anything else) to drop eaves on you.
I remember years ago before LCDs became mainstream and there were similar concerns of being able to reproduce the image on a CRT monitor by the EM radiation it gave off and it was suggested to put the CRT monitor in a Faraday cage of course the fact that in order to do that the person dropping eaves had to be sitting next to you or in the cube directly next to yours. -
Kimonajane Skype was good until Microsoft bought/took it. The first thing MS did after obtaining Skype was to re code it to allow their overlords in the FED/NSA easy access to eavesdrop in on people. Don't believe me, look it up.Reply