.jpg)
August hasn't been a good month for Smartphone security. First came the revelation that new malware was in circulation, which allowed hackers to listen in on your mobile conversations, then the famous German hacker network, the Chaos Computer Club, announced they had cracked the General Packet Radio Service tech., allowing them to eavesdrop on all conversations within a 8 -square miles radius; no physical access to the phone required. Now two researchers based in southern California have discovered a new avenue of attack, which most experts had considered harmless: your accelerometer.
In a recently published paper, Hao Chen and Lian Cai of the University of California Davis outline a method to use the seemingly harmless wiggling produced while typing to infer what virtual buttons a user pushes. Their method is based on the observation that each user moves their cell phone in a similar, unique way based on which key is currently being pushed. This data, combined with a little knowledge of the phone can be used to create a virtual finger print of the key in question allowing them to read data being entered on the phone – something which had previously been impossible with traditional keytrackers. So far they have been able to read entered data with a 71% success rate. Not bad for an approach previously deemed to be harmless by many experts.
So what does this mean for us users? Right now the advice would seem to be: Don't panic. The paper was intended as a 'proof of concept', written to show that this line of attack down a security “side channel” was possible. Thankfully researchers Chen and Cai are some of the good guys trying to make Smartphones safer for users worldwide. Now that developers know about this hack, they should be able to update most systems to make them safer.
Related Articles
Comments
My phone bounces a bit when I'm watching You Porn.
@Brian: I would love to see your texts without any auto-correction then :-D
Thanks for the tip!! Now I know to flail my arms around wildly while texting. This is gonna be so much more fun! :D
they would track your hand motiions with a camera or use a special sensor. i read about it somewhere
@Marcel Interesting... and how exactly did that go about that?:))))))))
@Aaron: Thanks for the question, Aaron (and kudos to your parents on the excellent taste in names) if you take a look at the actual research they've only tested it on number entry. But with a 71% hit rate it's pretty much a given that they could expand the process to include actual typing and most types of interaction with the user interface. Really if you think about it, whats on the key doesn’t matter to the researchers; they're just interested in where you're pointing.
this reminds of the way people would track how pin codes were entered on atms way back
im glad professors are on top of their game and it isnt hackers getting their hands on this stuff
71% according to the blog post which is pretty good
my question is how precise can they actually get?
Creepy!
What would happen if you just always typed with your phone on top of something... like a table... Wouldn't that prevent the shaking they're talking about?
So when exactly am I supposed to break out the tinfoil hat? Seems like now would be a good time.