Skype is the most popular VOIP technology used today, of course you have most likely used it yourself. “Vishing” is the act of using telephony for scamming or retrieving information for malicious intent. Of this, fake calling using fake Caller ID is the most common – however a new bandit is coming to town. Researchers have recently found that if you type while you Skype, it’s possible to extract the acoustic emanations, which is not scrambled through Skype! (University of California Irvine, 2016, Compagno et al., 2016)
One can build a profile of the sounds given by each key on the keyboard and by the type of keyboard. Using machine learning techniques, each keystroke can be analyzed and mapped to the correct key which then makes it possible to re-scramble whole words and reassemble into text.
Image source: (Compagno et al., 2016)
This also means that in case of eavesdropping on the VOIP, an attacker can in fact get hold of sensitive information as well as logins or other things typed while on the Skype call. Or, remember – not everyone using Skype are friends. What about a lawyer talking to the lawyer at the opposite position in a court case?
The study found that if the attacker has some knowledge of the typing style and keyboard of the user, they can figure out the keystrokes with 91.7% accuracy. And even if they don’t have this information, they have a 41.89% chance of figuring out the keystroke using the English language.
Touch-screen devices, of course, does not emit such sounds at least not unless keyboard typing sounds are turned on.
Considering third party apps can record Skype calls, it’s possible for an attacker to record an eavesdropped call and use his/her time to figure out the keystrokes. I wonder if there could be a way to disturb the signal, impossible for the human ear to pick up on, to limit the risk of this kind of fraud? The future will tell – the study is just released.
Compagno, A., Conti, M., Lain, D. and Tsudik, G. (2016) ‘Don’t Skype & Type! Acoustic Eavesdropping in Voice-Over-IP’, Study available in full at the URL below.
University of California Irvine. (2016) Typing while Skyping could compromise privacy [Online] news.uci.edu: University of California Irvine. [Online] Available from: https://news.uci.edu/research/typing-while-skyping-could-compromise-privacy/ (Accessed: 21.11.2016).
Image source: Alexas_fotos, Pixabay CC0 Public Licence, https://pixabay.com/en/frog-phone-booth-phone-computer-949599/