Eavesdropping of Smartphone’s keylogging using the accelerometer
Two researchers from the University of California at Davis Hao Chen and Lian Cai found a way to determine, which keys have been pressed on the screen’s keypad of OC Android by measuring the shift of vibration and wobbliness of the device that were measured by the built-in accelerometer. This is important, because the data from the accelerometers were not considered as a potential vector of attack, and thus freely available to any application on any Smartphone or pad.
Eavesdropping of keylogging on a desktop or laptop computer with Windows or Mac is incredibly simple: install the appropriate program (or Trojan virus it will do for you), set up where it should be saved or sent the stolen key’s codes, and that is all! When it comes to Smartphones, however, the complex systems of access restrictions make this approach almost impossible unless the side-channels will be used. Strictly speaking, a side-channel is open source of information, which helps the attacker to crack the cryptographic system. In a broader sense, a side-channel may be a light indicator on the router that blinks during the data being transferred, or the keylogging’ sounds of a keypad. [Note: here were mention the real variety of attacks] In other words, the side-channels are characteristics of the system, which potential danger is overlooked.
In this case, the two researchers used data of the spatial orientation of the device based on Android - a set of three angles that defines the orientation of the phone in the spatia of XYZ – in order to determine, where the user clicked on the screen. Each key has a unique pattern of angle changes along the three axes, which can be identified (see below). The accuracy depends on phone model: HTC Evo 4G updates the data on the orientation of every 30 ms, and Motorola Droid updates every 110 ms. In general, the researchers were able to reach of 71.5% accuracy for 10-key keypad. The remaining of 28.5% are errors due to the close layout of the keys. TouchLogger program can correctly identify the column or row for each keystroke, but sometimes there is not enough data to identify a particular key.
Of course, the QWERTY-keypad is more difficult to detect keylogging than the 10-key digital, but in front of us is just a demonstration of the concept, and accuracy in 70% is more than enough to break the confidentiality of any data that are entered into the phone. In addition, it is noted that in the devices such as pads should be easier to control the keypad, as well as gyroscopes can be used together with the camera to increase the resolution and accuracy of TouchLogger.
There is an article in the magazine New Scientist about TouchLogger [PDF]
|Vote for this post
Bring it to the Main Page