In association with heise online

19 August 2011, 14:54

Accelerometer used to log smartphone keystrokes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

iPhone Icon Security researchers have demonstrated that it is possible to record keystrokes entered on a smartphone's on-screen keyboard using the device's built-in accelerometer. The researchers were able to correlate the acceleration measured when tapping individual number keys to the specific key pressed with an accuracy of more than 70 per cent. In contrast to the camera, microphone and GPS sensor, the accelerometer (some devices also contain a gyroscope) is not viewed as a security risk. Apps do not typically require special privileges to monitor a device's movements.

An app could register a service which analyses data from the accelerometer in the background and converts the movement data to individual keys. Under Android 3.x (Honeycomb) and iOS 4.2, web sites can also access accelerometer data without requiring user approval. The demo app currently only runs on an Android smartphone and is limited to detecting number keys. The researchers are, however, planning to extend their work to tablets, on which they hope to be able to achieve improved accuracy – this would be particularly helpful in realising their ambition of being able to accurately detect specific letter keys.

A less original, but rather more effective approach is taken by Android malware called GingerMaster. It uses a root exploit called GingerBreak to permanently compromise the smartphone. According to security researcher Xuxian Jiang, GingerMaster is the first piece of malware to deploy a root exploit for Android 2.3.3 "Gingerbread". It is concealed in repackaged legitimate apps and registers a receiver which will be notified when the smartphone has finished booting. Once installed, it then launches a background service.

This service starts by sending several pieces of information, including the device ID and mobile telephone number, to a server on the web. It then regularly checks for new instructions from a command and control server. This allows the attacker to instruct the bot to perform additional actions such as downloading and executing additional installation packages from the web.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit