Keyboard Emanations in Remote Voice Calls

Keyboard acoustic side channel attacks to date have been mostly studied in the context of an adversary eavesdropping on keystrokes by placing a listening device near the intended victim creating a local eavesdropping scenario. However, being in close physical proximity of the victim significantly limits the applicability of the attack. In this paper, we study the keyboard acoustic side channel attacks in remote attack settings and propose countermeasures in such attack settings. Specifically, we introduce an offense-defense system that: (1) highlights the threat of a remote adversary eavesdropping on keystrokes while the victim is on a VoIP call, and (2) builds a way to mask the leakage through the use of system-generated sounds. On the offensive side, we show the feasibility of existing acoustic side channel attacks adapted to a remote eavesdropper setting against sensitive input such as random passwords, PINs etc. On the defensive side, we demonstrate a software-based approach towards masking the keystroke emanations as a defense mechanism against such attacks and evaluate its effectiveness. In particular, we study the use of white noise and fake keystrokes as masking sounds and show the latter to be an effective means to cloak such side channel attacks. Finally, we discuss a novel way of masking by virtually inserting the masking signal in remote voice calls without distracting the user.