Researchers from the University of Padua, Italy, and the University of California, Irvine, have successfully guessed what users are typing based on the sounds of keystrokes captured during a Skype conversation.
The idea behind this attack, called Skype & Type (S&T), is that people who engage in Skype voice or video calls often continue to work inside other applications while they’re on the call.
Because most keyboards are quite loud, the keystroke sounds are picked up by the computer’s microphone and carried to the other caller, who can easily record them and extract them from the background noise.
The research team says that a machine learning algorithm can be created that categorizes each key based on similar characteristics. The algorithm detects the user’s typing style and then accurately guesses what the user is typing.
“In particular, our results demonstrate that, given some knowledge on the victim’s typing style and the keyboard, the attacker attains top-5 accuracy of 91.7% in guessing a random key pressed by the victim,” researchers say.
“The accuracy goes down to still alarming 41.89% if the attacker is oblivious to both the typing style and the keyboard,” researchers add.
Furthermore, the research team says the S&T attack is reliable even when Internet connection bandwidth metrics fluctuate, or when people are talking and their speech covers up the keystroke sounds.
Researchers had previously proved that they could record keystroke sounds and guess which keys the user pressed with very high accuracy using microphones placed near the user’s computer.
The Skype & Type attack opens the door to a new security breach vector: VoIP audio and video calls. Technically, the attack could be ported to any other high-fidelity audio and video calling service.