Your Password Can Be Stolen With The “Skype & Type” Attack

Researchers from the University of California and the University of Padua alarm about a new type of attack, which uses the Skype application. The attack relies on the sounds the keystrokes make and which are captured during a Skype voice or video conversation.

Dubbed Skype & Type (S&T), the attack`s idea is that most people while talking on Skype, continue to use other applications as well.

As most keyboards are very loud, the sounds made by the pressing of the buttons can be easily recorded by the person on the other side of the call. Then, they can be extracted from the background noise.

According to the researchers, a machine learning algorithm can be created to help carrying out the S&T attack. The algorithm will be able to categorize each key based on similar characteristics. It will also be capable of detecting a particular user`s style of typing and then correctly guess the typed words (like passwords or other sensitive content).

“In particular, our results demonstrate that, given some knowledge on the victim’s typing style and the keyboard, the attacker attains top-5 accuracy of 91.7% in guessing a random key pressed by the victim.” – researchers say – “The accuracy goes down to still alarming 41.89% if the attacker is oblivious to both the typing style and the keyboard.”

Moreover, the research team says that bad Internet connection or person talking and covering up the keystrokes sounds wouldn’t be an obstacle for the S&T attack.

Before, experts have succeeded in recording keystrokes sounds and accurately guessing what the user was typing with the help of microphones placed next to the user`s PC.

The Skype & Type attack can be ported to any other high-fidelity audio and video calling services, which can result in disastrous consequences.