In our current environment, many people work remotely, away from their office, and routinely use voice over Internet protocol (VoIP) tools to communicate with colleagues. During these voice calls, it is also quite common for participants to continue to use their computer to “multitask.” Cecconello et al. present and assess a keyboard acoustic eavesdropping technique, Skype & Type (S&T), which conveys computer keyboard keystrokes to attackers.
The authors present some historical background on keyboard acoustic eavesdropping and examine the threat model. They define their assumptions and describe the S&T attack process, as well as their experimental and VoIP software setup. Detailed results, well supported with diagrams and tables, are presented, evaluated, and discussed.
The experiments demonstrate that the technique can work surprisingly well. The authors show that, given some knowledge of the victim’s typing style, language, and keyboard model, VoIP software can convey enough audio information to achieve keystroke interception accuracy of greater than 90 percent. Potential countermeasures are discussed in some detail, and the authors provide concluding remarks and thorough references.
This is an interesting examination of a largely ignored attack vector. It warns against the temptation to multitask and use the computer keyboard during VoIP sessions.