Connect with us

Hi, what are you looking for?



Skype Calls Expose User Keystrokes: Researchers

Microsoft’s popular text, audio and video messaging service Skype can be used to record keystrokes and reveal what a user has typed, researchers say.

Microsoft’s popular text, audio and video messaging service Skype can be used to record keystrokes and reveal what a user has typed, researchers say.

According to researchers from the University of California Irvine (UCI) and two Italian Universities, an attack where keystrokes are recorded during a Skype call and then reassembled as text is possible because of the acoustic emanations of computer keyboards, already a proven privacy issue.

Unlike previous research, which was based on an adversary’s physical proximity to the victim, profiling of the victim’s typing style, and/or victim’s typed information being available to the adversary, the new study proposes a new keyboard acoustic eavesdropping attack, one based on Voice-over-IP (VoIP), or the core technology behind Skype (and many other chat services out there, we might add).

In their paper (PDF), the UCI researchers argue that users typing on their desktop or laptop computer’s keyboard while participating in a Skype call become vulnerable to the demonstrated electronic eavesdropping. The VoIP software acquires acoustic emanations of pressed keystrokes and transmits them to the others involved in the VoIP call, thus creating a vulnerability.

The issue, the researchers argue, is that people often engage into secondary activities while in a VoIP call, and that some of these activities include typing. They also say that Skype conveys enough audio information to reconstruct the victim’s input with an accuracy of 91.7% if the victim’s typing style and keyboard are known (the accuracy drops to 41.89% if they aren’t known).

However, the attack is not possible if the victim uses a touchscreen or a holographic keyboard and keypad. Moreover, the researchers explain that, because Skype is encrypted, an attacker who is not part of the call can’t easily pilfer keystrokes.

“Skype is used by a huge number of people worldwide. We have shown that during a Skype video or audio conference, your keystrokes are subject to recording and analysis by your call partners. They can learn exactly what you type, including confidential information such as passwords and other very personal stuff,” co-author Gene Tsudik, Chancellor’s Professor of computer science at UCI, said.

Advertisement. Scroll to continue reading.

This type of attack is possible because various brands of keyboards emit distinct sounds and because different letters on the same keyboard emit different sounds. If someone’s typing is recorded, each keystroke can then be analyzed and matched to a specific key. Thus, an attacker with some knowledge of a user’s typing style could re-create entire texts.

Unlike previous studies, which relied on getting a recording device close to the victim’s keyboard, the new research reveals how VoIP technology eliminates this impediment. “Our work is yet another nail in the coffin of traditional physical keyboards that are common in modern laptop and desktop computers. It clearly shows previously unnoticed privacy dangers of using popular VoIP technologies in conjunction with such keyboards,” Tsudik said.

Related: Researchers Use WiFi Signals to Read Keystrokes

Related: Wireless Keyboards Vulnerable to Sniffing, Injection Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Staying the course and sticking to strategic goals allows security professionals to steadily and continually improve the security posture of their organization without allowing distractions to divert precious resources away from more important tasks.

Related Content

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.


Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.