August hasn't been a good month for Smartphone security. First came the revelation that new malware was in circulation, which allowed hackers to listen in on your mobile conversations, then the famous German hacker network, the Chaos Computer Club, announced they had cracked the General Packet Radio Service tech., allowing them to eavesdrop on all conversations within a 8 -square miles radius; no physical access to the phone required. Now two researchers based in southern California have discovered a new avenue of attack, which most experts had considered harmless: your accelerometer.
In a recently published paper, Hao Chen and Lian Cai of the University of California Davis outline a method to use the seemingly harmless wiggling produced while typing to infer what virtual buttons a user pushes. Their method is based on the observation that each user moves their cell phone in a similar, unique way based on which key is currently being pushed. This data, combined with a little knowledge of the phone can be used to create a virtual finger print of the key in question allowing them to read data being entered on the phone – something which had previously been impossible with traditional keytrackers. So far they have been able to read entered data with a 71% success rate. Not bad for an approach previously deemed to be harmless by many experts.
So what does this mean for us users? Right now the advice would seem to be: Don't panic. The paper was intended as a 'proof of concept', written to show that this line of attack down a security “side channel” was possible. Thankfully researchers Chen and Cai are some of the good guys trying to make Smartphones safer for users worldwide. Now that developers know about this hack, they should be able to update most systems to make them safer.