Computing Reviews

Skype & Type: keyboard eavesdropping in voice-over-IP
Cecconello S., Compagno A., Conti M., Lain D., Tsudik G.  ACM Transactions on Privacy and Security 22(4): 1-34, 2019. Type: Article
Date Reviewed: 08/24/21

In our current environment, many people work remotely from their office and routinely use voice over Internet protocol (VoIP) tools for communicating with colleagues. During these voice calls, it is also quite common for participants to continue to use their computer to “multitask.” Cecconello et al. present and assess a keyboard acoustic eavesdropping technique, Skype & Type (S&T), which conveys computer keyboard keystrokes to attackers.

The authors present some historical background on keyboard acoustic eavesdropping and examine the threat model. They define their assumptions and describe the S&T attack process, as well as their experimental and VoIP software setup. Detailed results, well supported with diagrams and tables, are presented, evaluated, and discussed.

The experiments demonstrate that the technique can work surprisingly well. The authors show that, given some knowledge of the victim’s typing style, language, and keyboard model, VoIP software can convey enough audio information to achieve keystroke interception accuracy of greater than 90 percent. Potential countermeasures are discussed in some detail, and the authors provide concluding remarks and thorough references.

An interesting examination of a largely ignored attack vector, it warns against the temptation to multitask and use the computer keyboard while undertaking VoIP sessions.

Reviewer:  David B. Henderson Review #: CR147339

Reproduction in whole or in part without permission is prohibited.   Copyright 2021™
Terms of Use
| Privacy Policy