University of California, Irvine (UCI) researchers have found a security breach in which keystroke sounds, or acoustic emanations, can be recorded during a Skype voice or video call and later reassembled as text.
Bad actors can use this attack to "learn exactly what you type, including confidential information such as passwords and other very personal stuff," says UCI professor Gene Tsudik.
However, such an attack is not possible with touchscreen or holographic keyboards and keypads, and since data transfer over Skype is encrypted, it is extremely difficult for someone who is not part of the call to steal keystrokes.
Still, there are scenarios in which this cybersecurity threat could be very real for Skype users. For example, Tsudik notes if the sound of someone typing is recorded, each keystroke can be analyzed and matched to a key using machine-learning techniques.
The researchers found if attackers have some knowledge of the typist's style and information about the keyboard, they can guess which key is pressed by the victim with 91.7% accuracy.
Tsudik says even if attackers are unaware of both the typing style and keyboard, they still have a 41.89% chance of identifying which keys are being struck.
From UCI News
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found