Matt Liebowitz reported on Security News Daily dated 21 Oct 2011 that if there's a smartphone resting somewhere near your computer right now, it could be logging everything you type into your desktop keyboard and sending that information back to a hacker.
Students at Georgia Tech's School of Computing conducted a proof-of-concept hack to demonstrate how, by tapping into a smartphone's accelerometer, which measures the vibrations of the device, they were able to infer what a target was typing on a keyboard placed near the phone with up to 80 percent accuracy.
The hack works by detecting pairs of keystrokes, rather than individual keys. The researchers used the word "Canoe" as an example. Typed, the word canoe can be broken down into four pairs of keystrokes, C-A, A-N, N-O and O-E.
"Those pairs then translate into the detection system's code as follows: Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far… This code is then compared to the preloaded dictionary and yields 'canoe' as the statistically probable typed word," the researchers said.
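The pair encoding and dictionary comparison described above can be sketched as follows. This is an added example, not the researchers' code: the key geometry, the left/right split, the 2.8-key-width near/far cut-off and the sample word list are all assumptions, chosen so that "canoe" reproduces the labels quoted in the article. It shows that the labels are ambiguous between words and that a string absent from the preloaded dictionary is never recovered.

```python
import math
from collections import defaultdict

# Assumed QWERTY geometry in key widths (row stagger 0.25 / 0.75); not from the article.
ROWS = [("qwertyuiop", 0.0), ("asdfghjkl", 0.25), ("zxcvbnm", 0.75)]
POS = {ch: (off + i, row)
       for row, (keys, off) in enumerate(ROWS)
       for i, ch in enumerate(keys)}
LEFT = set("qwertasdfgzxcvb")   # assumed left/right split of the keyboard
NEAR_MAX = 2.8                  # assumed near/far cut-off, in key widths


def side(ch):
    return "Left" if ch in LEFT else "Right"


def pair_code(a, b):
    """Label one keystroke pair the way the article does, e.g. 'Left-Right-Far'."""
    dist = math.dist(POS[a], POS[b])
    return f"{side(a)}-{side(b)}-{'Near' if dist <= NEAR_MAX else 'Far'}"


def word_code(word):
    """Sequence of pair labels for a word; 'canoe' yields four labels."""
    w = word.lower()
    return tuple(pair_code(a, b) for a, b in zip(w, w[1:]))


def build_index(dictionary):
    """Group the preloaded dictionary's words by their label sequence."""
    index = defaultdict(list)
    for w in dictionary:
        index[word_code(w)].append(w)
    return index


def candidates(index, observed):
    """Dictionary words consistent with an observed label sequence."""
    return sorted(index.get(tuple(observed), []))


# Constructed sample dictionary; a real one would be far larger.
WORDS = ["canoe", "tenor", "candy", "table", "water"]
INDEX = build_index(WORDS)

if __name__ == "__main__":
    print(word_code("canoe"))
    print(candidates(INDEX, word_code("canoe")))   # two words share this code
    print(candidates(INDEX, word_code("plokm")))   # constructed non-dictionary string
```

Under these assumptions "canoe" and "tenor" produce the same four labels, which is why the final step has to be a statistical choice among dictionary words.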
The method takes some work, and would require the targeted phone to download a specific application to allow the attackers to turn on the keylogger. But, as seen in millions of Internet scams every day, it isn't difficult to convince someone on the Internet to click a link. And once the keylogger is activated, the technology hidden inside the new generation of smartphones makes the attack that much easier.
My take on this is we don't have to worry about this type of vulnerability just yet. I think that this would depend on the proficiency of the typist for it to work. How would it fare with a hunt-and-peck typist? It also doesn't mention how close the phone would have to be to the keyboard to detect the vibrations. What happens if you have a keyboard from Apple or a soft touch keyboard where you don't hear the clatter of the keys when typing? What about picking up sound from other nearby systems?
I also don't see how this is much different than placing a standard cell phone in a diagnostic mode where it is constantly transmitting everything that the microphone picks up. This would serve the same purpose and negate the need to transmit the information later.