Home > Computing > Hackers could reconstruct your typing by listening…

Hackers could reconstruct your typing by listening to your keystrokes over Skype

Chances are that if you have been on a teleconference call at some point, you will have had the distracting experience of hearing another member of the party typing loudly without muting their microphone.

Such a scenario can be annoying, but did you know it could also make the typist vulnerable to electronic eavesdropping? That is the worrying conclusion reached by researchers at the University of California, Irvine and in Italy.

“Around 16 months ago, I was on a Skype conference call with some colleagues,” Gene Tsudik, Chancellor’s Professor of computer science at UCI, told Digital Trends. “In the background, you could hear someone typing away. Eventually it got to the point where I said, ‘Whoever is doing that needs to stop it, because it’s causing all kinds of interference.’”

As Tsudik spoke, however, he immediately had another thought: ‘I wonder if I could work out what that person is writing?’

“There’s been prior research showing that if you place a microphone directly next to someone’s keyboard to record the sound of the keystrokes, you can distinguish the different keystrokes, and reconstruct what someone is typing,” he continued. “Since I was hearing the typing sounds loud and clear over Skype, I thought it may be possible to do the same thing in that setting.”

Using some smart machine learning tools, the resulting study discovered that if attackers have some advance knowledge — such as information about the keyboard a person is using — they can establish which key is being pressed at any time with an accuracy of 91.7 percent.

Even if they have no information about a person’s typing style or keyboard, there is still a 41.89 percent chance of identifying which keys are being pressed — partially due to to the fact that English has a well-known frequency distribution of letters.

The fact that services like Skype are encrypted, and therefore it is virtually impossible for unwanted outsiders to gain access to a call, means potential attacks like this are unlikely to be widespread. But as Tsudik pointed out, there are scenarios in which it could.

“Sometimes you’re talking to a party you don’t necessarily trust completely,” he said. “That might be politicians or commercial rivals having a teleconference, for example. In that scenario, there’s not always mutual trust. Whenever that’s the case, the other party could potentially be an adversary, and use technology like this to determine what other people on the call are typing.”

Whether it is passwords or confidential notes, the message is loud and clear: if you’re not 100 percent certain about the trustworthiness of the person you are communicating with, do not Skype and type!