July 2017: Our project presented at Black Hat USA 2017. See more.
July 2017: Source code finally released HERE!
May 2017: We'll present our project at Black Hat USA 2017!
January 2017: Our paper "Don't Skype & Type! Acoustic Eavesdropping in Voice-Over-IP" accepted at AsiaCCS 2017!
This project is an international collaboration between:
Our project explores a new keyboard acoustic eavesdropping attack that involves Voice-over-IP (VoIP), called Skype & Type (S&T). We observed that people often engage in secondary activities (including typing) while participating in VoIP calls. As expected, VoIP software acquires and faithfully transmits all sounds, including emanations of pressed keystrokes, which can include passwords and other sensitive information.
This acoustic information from keyboard's noise is used by S&T in order to understand what has been typed on the victim's keyboard. The following figures depict a possible S&T scenario: first, the attacker and the victim VoIP call each other (in our example, a Lawyer's firm as victim, and our Research Group as attacker). Then, the victim proceeds to inadvertentely type sensitive information during the call (in our example, their Gmail ID and password). With the keyboard noise collected through VoIP, the attacker is then able to recover the full typed text of the victim.
Alberto Compagno, Mauro Conti, Daniele Lain, Gene Tsudik. Skype & Type: Keystroke Leakage over VoIP.
Presented at Black Hat USA 2017. Slides
Alberto Compagno, Mauro Conti, Daniele Lain, Gene Tsudik.
Don't Skype & Type! Acoustic Eavesdropping in Voice-Over-IP.
In ACM ASIACCS 2017 (acceptance rate 18.66%). PDF
Our work received lots of national and international press coverage! You can find a (non-comprehensive) list here:
*** INTERNATIONAL PRESS
- Kaspersky Threatpost, 19 oct 2016. Skyping and typing the latest threat to privacy.
- Kaspersky Threatpost Podcast, 21 oct 2016. Threatpost news wrap.
- Sophos Naked Security, 20 oct 2016. Snoops can tell what you type while you Skype, researchers find.
- On The Wire, 19 oct 2016. Recording keystroke sounds over Skype to steal user data.
- Tom's Hardware, 20 oct 2016. Skype & Type attack shows feasibility of acoustic eavesdropping in VoIP calls.
*** ITALIAN PRESS
- Rai 3, TG 3 Pixel (national television), 28 jan 2017. Il PC ti ascolta.
- Rete Veneta, TG PADOVA, 7 nov 2016. Privacy a rischio se scriviamo mentre parliamo su Skype.
- La Stampa, 8 nov 2016. Come scoprire login e password ascoltando il suono della tastiera.
- Il Secolo XIX, 8 nov 2016. Come scoprire login e password ascoltando il suono della tastiera.
- Il Corriere del Veneto, 7 nov 2016. Privacy a rischio con Skype, ricerca dell'ateneo di Padova.