Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Skype & Type: keyboard eavesdropping in voice-over-IP
Cecconello S., Compagno A., Conti M., Lain D., Tsudik G.  ACM Transactions on Privacy and Security 22 (4): 1-34, 2019. Type: Article
Date Reviewed: Aug 24 2021

In our current environment, many people work remotely from their office and routinely use voice over Internet protocol (VoIP) tools for communicating with colleagues. During these voice calls, it is also quite common for participants to continue to use their computer to “multitask.” Cecconello et al. present and assess a keyboard acoustic eavesdropping technique, Skype & Type (S&T), which conveys computer keyboard keystrokes to attackers.

The authors present some historical background on keyboard acoustic eavesdropping and examine the threat model. They define their assumptions and describe the S&T attack process, as well as their experimental and VoIP software setup. Detailed results, well supported with diagrams and tables, are presented, evaluated, and discussed.

The experiments demonstrate that the technique can work surprisingly well. The authors show that, given some knowledge of the victim’s typing style, language, and keyboard model, VoIP software can convey enough audio information to achieve keystroke interception accuracy of greater than 90 percent. Potential countermeasures are discussed in some detail, and the authors provide concluding remarks and thorough references.

An interesting examination of a largely ignored attack vector, it warns against the temptation to multitask and use the computer keyboard while undertaking VoIP sessions.

Reviewer:  David B. Henderson Review #: CR147339
Bookmark and Share
  Reviewer Selected
Featured Reviewer
 
Would you recommend this review?
yes
no

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright © 2000-2021 ThinkLoud, Inc.
Terms of Use
| Privacy Policy