Shake 'n' Spy: Smartphone Motion Sensors Can Tell What You're Typing
Your smartphone's motion sensor could tell an attacker exactly what keys you press.
Simply touching your smartphone's silent keyboard makes you a target for attack, according to researchers at the University of California, Davis, who've found a way to infer exactly what buttons you push based on the physical wiggles and jiggles of the phone as you press them.
Wiggles and jiggles are layman's terms, of course, for the technology at the core of TouchLogger, an Android keylogger application that measures the physical motions made when touching onscreen keys. The motions are captured by the phone's accelerometer.
Hao Chen and Liang Cai presented "TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion" at last week's HotSec '11 conference in San Francisco.
"Our insight is that motion sensors, such as accelerometer and gyroscopes, may be used to infer keystrokes," Chen and Cai wrote in the paper. "When the user types on the soft keyboard on her smartphone (especially when she holds her phone by hand rather than placing it on a fixed surface), the phone vibrates. We discover that keystroke vibration on touch screens are highly correlated to the keys being typed."
Measuring parameters including "the striking force of the typing finger, the resistance force of the supporting hand, the landing location of the typing finger and the location of the supporting hand on the smartphone," TouchLogger was able to detect keystrokes with more than 70 percent accuracy, Chen and Cai wrote.
Traditional keyloggers of this kind measure the sound or electromagnetic pulses given off when a user presses the keys of a physical keyboard. TouchLogger could provide attackers with a sly vector of attack on smartphones, which, because of their silent, non-physical keyboards, have been impervious to these types of intrusions.
TouchLogger was designed to work on an HTC Evo 4G phone, but Chen and Cai presumed that TouchLogger would also work on other smartphones such as iPhones, and even better on devices with larger screens, such as tablet computers. Their intention was not to compromise the security of smartphone users, but to raise awareness of the threat posed by motion-sensing attacks.