It’s possible to spy on users who type while they make voice or video calls using apps like Skype, WhatsApp, Hangouts or Viber. At least that’s what a group of researchers told us at Black Hat USA 2017, an event that is dedicated to security and hacking.
“Many of us talk on Skype, Hangouts, WhatsApp, or Viber while using the computer for something else,” explained Kaspersky during their conference summary. “You already know it’s not very polite, but it can be dangerous as well. Click, click, click…the sound of typing on a physical computer keyboard is rather recognizable. Your conversation partner knows you may be chatting or doing something else while conversing.”
It turns out that machine-learning software can gradually recognize the specific keys you’re pressing. Almost every keyboard has a specific sound for each key, which means that if somebody records you typing, over time he/she can find out what you’ve pressed and consequently know what you’ve written.
“At the Black Hat hacking conference in Las Vegas, we saw a presentation on how to make it happen. According to the researchers, even after the sound has undergone conversions during online transmission, the recordings of key clicks retain sufficient information to feed to a machine-learning system and get back the five most probable key presses.”
Machine-learning software can fine tune this even further if it knows the keyboard layout and the language the victim has used.
“The experts claim that this technology might be used even to steal passwords, although that sounds a bit far-fetched,” says Kaspersky. “Passwords are too short and do not consist of real words most of the time. At least, we hope they don’t.”
During the investigation, researchers took five volunteers and had them type on 3 different laptops. They recorded their typing with the audio (under three variations: plain recording, Skype recording and Hangouts recording) and then tried to figure out what they had written.
The software researchers used for the test correctly determined the five possible keys the volunteer had pressed at each moment 90% of the time, across all three methods of recording. It correctly determined the exact key that had been pressed between 70-80% of the time, depending on the type of recording.
In this way, researchers concluded that we should be careful when typing while on a call. If somebody manages to intercept our conversation, record our typing and use the right software, our privacy could be ruined.
Of course, this situation isn’t exactly commonplace. At the presentation, researchers used scaremongering to get the public’s attention. That’s why I’m sticking to Kaspersky’s more moderate conclusions:
“The threat of ‘input interception’ over Skype does not look too serious, but it’s worth knowing about, especially if you sometimes deal with confidential information.”
Here Kaspersky says that it’s possible that this type of thing could occur with people who work with private information; they could be spied on with the method of recording their typing and later figuring out the keys they pressed.
“And let’s face it, typing during conversations is not very courteous; hence, avoiding that kind of multitasking will both protect your privacy and show respect for your conversation partner. However, if you find yourself in a middle of an especially long and tiresome conference call, observe the golden rule: Anyone who is not speaking should mute his or her microphone until it’s time to talk.”
Source: Kaspersky’s blog