20110820

A wiggly approach to smartphone keylogging

Two researchers from the University of California Davis, Hao Chen and Lian Cai, have successfully divined the keystrokes on an Android on-screen keyboard by measuring the wiggles, jiggles, and vibrations picked up by the device’s accelerometer. This is significant because the data from accelerometers is not thought of as a potential attack vector, and is thus freely available to any application on any smartphone or tablet.

Logging the keystrokes on a Windows or Mac desktop or laptop is incredibly easy: just install a piece of software (or get infected by a Trojan), configure where it should save or send the stolen keystrokes, and that’s it. When it comes to smartphones, however, complex permission systems make this approach all but impossible — unless you use what’s known as a “side channel.” Strictly speaking, a side channel is an insecure source of information that helps a cracker break a cryptographic system. Broadly speaking, a side channel could be a blinking light on a router that mimics the binary data passing through it, or the clackity-clack sounds of a physical keyboard. In other words, side channels are characteristics of a system whose potential risks have been overlooked.
