Skype Calls Expose User Keystrokes: Researchers

[RoboMan]

Microsoft’s popular text, audio and video messaging service Skype can be used to record keystrokes and reveal what a user has typed, researchers say.

According to researchers from the University of California Irvine (UCI) and two Italian Universities, an attack where keystrokes are recorded during a Skype call and then reassembled as text is possible because of the acoustic emanations of computer keyboards, already a proven privacy issue.

Unlike previous research, which was based on an adversary’s physical proximity to the victim, profiling of the victim’s typing style, and/or victim’s typed information being available to the adversary, the new study proposes a new keyboard acoustic eavesdropping attack, one based on Voice-over-IP (VoIP), or the core technology behind Skype (and many other chat services out there, we might add).

In their paper (PDF), the UCI researchers argue that users typing on their desktop or laptop computer’s keyboard while participating in a Skype call become vulnerable to the demonstrated electronic eavesdropping. The VoIP software acquires acoustic emanations of pressed keystrokes and transmits them to the others involved in the VoIP call, thus creating a vulnerability.


READ FULL REPORT: Skype Calls Expose User Keystrokes: Researchers | SecurityWeek.Com

 

[Ink]

So not just Skype, any application that uses VOIP-technology.

“Our work is yet another nail in the coffin of traditional physical keyboards that are common in modern laptop and desktop computers. It clearly shows previously unnoticed privacy dangers of using popular VoIP technologies in conjunction with such keyboards,” Tsudik said.​

For those concerned.

However, the attack is not possible if the victim uses a touchscreen or a holographic keyboard and keypad. Moreover, the researchers explain that, because Skype is encrypted, an attacker who is not part of the call can’t easily pilfer keystrokes.​