It is well-known that acoustic emanations of computer keyboards represent a serious privacy issue. As demonstrated in prior work, physical properties of keystroke sounds might reveal what a user is typing. However, previous attacks assumed physical proximity to the victim, to place compromised microphones. We argue that this is hardly realistic. We also observe that during VoIP calls people often engage in secondary activities (including typing), unintentionally giving potential eavesdroppers full access to their microphone. From these observations, we build a new attack, called Skype&Type (S&T), that involves VoIP software.
In this talk, we will present S&T and show that two very popular VoIP software (Skype and Google Hangouts) convey enough audio information to reconstruct the victim's input from keystroke noise. We will present the architecture of S&T, which we release as a tool to the community, to solicit contributions and to raise awareness on such underlooked side channels.