By: Darlene Storm
You sit down at your desk, set down your mobile phone, boot your computer and then start work. Would it occur to you that a hacker might be using your smartphone as a spying device to track what you were typing?
Thanks to a hack by a research team at George Institute of Technology, your mobile phone can now be turned into a spiPhone that eavesdrops on the sound of your fingers tapping away on the keyboard to detect pairs of keystrokes and determine what you're typing. According to Georgia Tech, the snooping works by "using a smartphone accelerometer - the internal device that detects when and how the phone is tilted - to sense keyboard vibrations as you type to decipher complete sentences with up to 80% accuracy."
Here's the deal, you could download an innocent looking app that doesn't ask for any special permission to access your smartphone sensors. But whammo! You could be a targeted victim for spying because most mobile phones have no accelerometer security and request no permission for access to the accelerometer. You would not know the app was laced with a specially crafted malware to turn your phone into a spiPhone.
In case you are unfamiliar with an accelerometer, it can be found in all sorts of consumer electronics for the purposes of detecting motion input, orientation sensing, or be used for image stabilization. Accelerometers are common in smartphones "to present landscape or portrait views of the device's screen, based on the way the device is being held." In fact, accelerometers are in many devices such as Wii remotes and nunchuks, Nintendo 3DS, and PS3 DualShock 3 remotes, car collision notification systems that call for help after "detecting crash-strength G-forces," and even "sleep phase" alarm clocks use an accelerometer to sense a sleeper's movement so it will not awaken a person during the REM phase.
Although the accelerometer spying experiments started with an iPhone 3GS, it was too difficult to decipher the typing results. Patrick Traynor, assistant professor in Georgia Tech's School of Computer Science, said, "But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack."
Researchers previously tapped into microphones for this type of attack, but manufacturers have installed security precautions in mobile phones' microphones; when a user installs a new app, the phone's OS asks if the app can access the mic. While a phone's microphone is much more sensitive and can analyze vibrations about 44,000 times per second, compared to an accelerometer which samples vibrations only 100 times per second, the accelerometers in most phones have no security precautions.
"The way we see this attack working is that you, the phone's owner, would request or be asked to download an innocuous-looking application, which doesn't ask you for the use of any suspicious phone sensors," said Henry Carter, a PhD student in computer science and one of the study's co-authors. "Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening."
The eavesdropping technique does not detect single keystrokes, but "works through probability and by detecting pairs of keystrokes." It "listens" to "keyboard events" in pairs, then determines if the keys typed were on the left or right side of the keyboard and if they were close to each other or farther apart. Then it takes those pairs of keys depressed and runs them against a preloaded dictionary with 58,000 words, "each word of which has been broken down along similar measurements (i.e., are the letters left/right, near/far on a standard QWERTY keyboard)." It works reliably on words that are at least 3 letters and can accurately decipher what was typed about 80% of the time.
Traynor said not to be paranoid that hackers are spying on your keystrokes through your iPhones. "The likelihood of someone falling victim to an attack like this right now is pretty low," he said. "This was really hard to do. But could people do it if they really wanted to? We think yes." Until manufacturers build in some security on accelerometers, Traynor added that users can get around this vulnerability by keeping their mobile phones in their pockets or purses, or move the phone further away from the keyboard.
The findings of this research, "(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers," and will be presented this week at the 18th ACM Conference on Computer and Communications Security in Chicago.