Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Skype & Type: keyboard eavesdropping in voice-over-IP
Cecconello S., Compagno A., Conti M., Lain D., Tsudik G. ACM Transactions on Privacy and Security22 (4):1-34,2019.Type:Article
Date Reviewed: Aug 24 2021

In our current environment, many people work remotely from their office and routinely use voice over Internet protocol (VoIP) tools for communicating with colleagues. During these voice calls, it is also quite common for participants to continue to use their computer to “multitask.” Cecconello et al. present and assess a keyboard acoustic eavesdropping technique, Skype & Type (S&T), which conveys computer keyboard keystrokes to attackers.

The authors present some historical background on keyboard acoustic eavesdropping and examine the threat model. They define their assumptions and describe the S&T attack process, as well as their experimental and VoIP software setup. Detailed results, well supported with diagrams and tables, are presented, evaluated, and discussed.

The experiments demonstrate that the technique can work surprisingly well. The authors show that, given some knowledge of the victim’s typing style, language, and keyboard model, VoIP software can convey enough audio information to achieve keystroke interception accuracy of greater than 90 percent. Potential countermeasures are discussed in some detail, and the authors provide concluding remarks and thorough references.

An interesting examination of a largely ignored attack vector, it warns against the temptation to multitask and use the computer keyboard while undertaking VoIP sessions.

Reviewer:  David B. Henderson Review #: CR147339
Bookmark and Share
  Reviewer Selected
Featured Reviewer
 
 
Abuse And Crime Involving Computers (K.4.1 ... )
 
Would you recommend this review?
yes
no
Other reviews under "Abuse And Crime Involving Computers": Date
The dark side of employee email
Sipior J., Ward B. Communications of the ACM 42(7): 88-95, 1999. Type: Article
Aug 1 1999
The very brief history of digital evidence standards
Pollitt M. In Integrity and internal control in information systems V. Norwell, MA: Kluwer Academic Publishers, 2003. Type: Book Chapter
Nov 20 2003
Teaching computer security at a small college
LeBlanc C., Stiller E.  Computer science education (Proceedings of the 35th SIGCSE technical symposium, Norfolk, Virginia, USA, Mar 3-7, 2004)407-411, 2004. Type: Proceedings
May 19 2004
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy