We’ve discussed the need to cover up a webcam with tape for fear of those being compromised during VoIP sessions. This new vulnerability only needs to be able to hear a conversation to figure out what you are typing. The researchers were given the information on what keyboard and some information on typing style of the end user. From there, they were able to get 91.7% accuracy in figuring out what was being typed on the keyboard. This can happen during a regular Skype call without the need to plant any malware to compromise your target’s computer. Skype and other voice messengers are often left on for long periods of time since unlike phones VoIP doesn’t charge by the minute so there is no need to hang up. Multi-taskers may enter passwords or fill out forms while staying on Skype.
There are a few ways around this, such as using push to talk, a method which only sends audio when you hold a certain key down, preventing unnecessary sounds. Touch screen keys do not make the familiar keyboard sounds so those are safe from this method as well. I think using an external microphone as well, one not situated near the keyboard will lower the chances of this attack in general. Without a profile on the end user, the accuracy only drops to 42%, but I wouldn’t rely on this as it may eventually be possible to compare sounds against multiple profiles and pick the most accurate.
https://www.onthewire.io/recording-keystroke-sounds-over-skype-to-steal-user-data/
Leave a Reply
You must be logged in to post a comment.