Skype & Type: Keystroke Leakage over VoIP

Black Hat USA 2017

Presented by: Alberto Compagno, Mauro Conti, Daniele Lain, Gene Tsudik
Date: Thursday July 27, 2017
Time: 09:00 - 09:25
Location: Lagoon ABCGHI

It is well-known that acoustic emanations of computer keyboards represent a serious privacy issue. As demonstrated in prior work, physical properties of keystroke sounds might reveal what a user is typing. However, previous attacks assumed physical proximity to the victim, to place compromised microphones. We argue that this is hardly realistic. We also observe that during VoIP calls people often engage in secondary activities (including typing), unintentionally giving potential eavesdroppers full access to their microphone. From these observations, we build a new attack, called Skype&Type (S&T), that involves VoIP software.

In this talk, we will present S&T and show that two very popular VoIP software (Skype and Google Hangouts) convey enough audio information to reconstruct the victim's input from keystroke noise. We will present the architecture of S&T, which we release as a tool to the community, to solicit contributions and to raise awareness on such underlooked side channels.

Daniele Lain

Daniele Lain is a Research Fellow at the University of Padua, where he obtained both his MSc degree (with honor) and BSc degree in Computer Science. He is part of the SPRITZ Security and Privacy Research Group, led by Prof. Mauro Conti. His main research interests are in applicating Machine Learning techniques to malware network communications, and to side channels.

Mauro Conti

Mauro Conti is an Associate Professor at the University of Padua, Italy. He obtained his PhD. from Sapienza University of Rome, Italy, in 2009. After his PhD., he was a Post-Doc Researcher at Vrije Universiteit Amsterdam, The Netherlands. He has been Visiting Researcher at GMU (2008), UCLA (2010), UCI (2012, 2013, and 2014), and TU Darmstadt (2013). He has been awarded with a Marie Curie Fellowship (2012) by the European Commission, and with a Fellowship by the German DAAD (2013). His main research interest is in the area of security and privacy. He is Senior Member of the IEEE.

Gene Tsudik

Gene Tsudik is a Chancellor's Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). His research interests included numerous topics in security and applied cryptography. He currently serves as Director of Secure Computing and Networking Center (SCONCE) at UCI. Gene Tsudik is a former Fulbright Scholar and Fulbright Specialist, a fellow of ACM, IEEE and AAAS, as well as a foreign member of Academia Europaea. From 2009 to 2015 he was the Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC).

Alberto Compagno

Alberto Compagno is a post doc researcher at Cisco Systems, Paris. He obtained his PhD in Computer Science at Sapienza University of Rome, Italy, in 2017. During his PhD, he has been visiting University of California Irvine (2014), University of Padua (2014, 2015, and 2016), Cisco Systems (2016). His main research interests include network security and privacy.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats