How to Prevent Keyboard Snooping Attacks on Video Calls

By on Nov 13, 2020

How to Prevent Keyboard Snooping Attacks on Video Calls

Video conferencing has really taken off this year. With more people working and learning from home than ever before, video calling has rapidly become the mainstream method for remote communication, allowing users to stay connected. But very few may realize that they might be giving away their passwords on video calls through their body language. According to Tom’s Guide, call participants can guess a user’s passwords through the arm and shoulder movements they make while they type.

Let’s unpack how this threat works so you can continue to connect via video calls worry-free.

How Hackers Use Video Calls to Swipe Personal Data

Keyboard snooping, or a keyboard interference threat, occurs when an attacker is present on a video call and observes the target’s body and physiological features to infer what they are typing. To pull off this attack, the hacker would need to record the meeting or video stream and feed it through a computer program. This program eliminates the visual background and measures the user’s arm and shoulder movements relative to their face. From there, the program analyzes the user’s actions to guess which keys they are hitting on the keyboard – including passwords and other sensitive information.

So, how accurate is this program, anyway? While this shows that the program was only correct 20% of the time when subjects were on their own devices in an uncontrolled environment, the program’s accuracy increased to 75% if their password was one of the one million most commonly used passwords. And suppose the program already knew their email address or name. In that case, it could decipher when the target was typing this information during the video call (and when their password would immediately follow) 90% of the time. The less complex the target makes their password, the easier it is for the program to guess what they’re typing.

Stay Protected From Keyboard Snoopers

Keystroke inference attacks can have potentially dangerous effects, since the text typed can often contain sensitive or private information even beyond passwords, like credit card numbers, authentication codes, and physical addresses. It’s also important to note that any video conferencing tool or videos obtained from public video sharing/streaming platforms are susceptible to this attack.

Therefore, to prevent your meeting attendees from snooping on what you’re typing, follow these tips for greater peace-of-mind:

Create a robust and unique password

Avoid giving keyboard snoopers the upper hand by making your password or passphrase as unique as the information it’s protecting. If a hacker does manage to guess your password for one of your online accounts, they will likely check for repeat credentials across multiple sites. By using different passwords or passphrases for your online accounts, you can remain calm and collected knowing that the majority of your data is secure if one of your accounts becomes vulnerable.

Use multi-factor authentication

Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification like texting or emailing a secure code to verify your identity. Most popular online sites like Gmail, Dropbox, LinkedIn, Facebook, etc. offer multi-factor authentication, and it takes just a few minutes to set it up. This reduces the risk of successful impersonation by criminals who may have uncovered your information by keyboard snooping.

Leverage a password manager

Take your security to the next level with a password manager, like the one included in McAfee Total Protection. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords, and log you on to websites automatically.

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

This study is from researchers at the University of Texas at San Antonio and the University of Oklahoma, so assuming it should be safe to use since its non-competitor but please let us know otherwise! [BH3]

About the Author

Pravat Lall

Pravat Lall currently serves as VP of the Consumer Cloud Segment at McAfee. He is a seasoned product & technology leader with two decades of experience building products & solutions for Enterprise and Consumer markets. Pravat is passionate about engaging with the customer and accelerating innovation to solve real-world problems in cybersecurity. When not working, ...

Read more posts from Pravat Lall

Subscribe to McAfee Securing Tomorrow Blogs