Researchers Have Found a Way to Snoop on Your Typing via Skype

By Tom Pritchard on at

Have you ever dedicated any thought to whether or not someone can figure out what you're typing, just by listening to your fingers hitting the keys? Probably not, but according to researchers it's possible with frightening accuracy.

A research team comprised of members from the University of Padua, Sapienza University of Rome, and University of California, Irvine, found that the 'acoustic emanations' (which, in English, means the sound your keystrokes make) can be recorded via a Skype voice or video call, and reassembled as text later on.

Provided the attacker is familiar with your typing style and the kind of keyboard you have, the software can reassemble what you've been saying with 91.7% accuracy. Even if the attacker doesn't have that information, the accuracy is still as high as 41.89%.

Think about how much you might type if you're on a call with someone. At first you might not think its a lot, but just because you're on the phone to someone doesn't mean everything else stops. By recording the audio of your keystrokes, the person on the other end could get hold of confidential information like passwords, credit card numbers, email addresses, and so on.

Unlike older methods of trying to detect keystrokes, this method wouldn't need any sort of physical proximity to the device in question. No malware apps on a person's phone, no keyloggers stealthily installed when they weren't looking, just an open call on any VoIP software (if doesn't necessarily have to be Skype).

It's all a very terrifying prospect. Even more so when you realise that the researchers were able to compensate for issues in the call, like poor call quality, and people speaking over the sound of typing. They also determined that using this technique to crack a password-protected account would, on average, reduce the average number of brute-force attempts by 12 orders of magnitude. Even the worst-case scenario reduces the attempts by a single order of magnitude.

Fortunately there is some good news. Firstly this type of attack doesn't work with touchscreen or holographic keyboards, and it would require an attacker to be able to snoop on a call in the first place. Unless you agree to connect with them, they would have to crack the VoIP service's encryption (not an easy prospect).

So maybe be a bit more careful next time you chat to a random stranger on Skype. [arXiv via Naked Security]