Cripes! iPhone captures keystrokes via thump phreaking
Researchers at Georgia Tech have worked up a proof-of-concept demonstration of using an iPhone 4′s accelerometer as a keylogger. After setting the iPhone near a computer keyboard, the device’s built-in accelerometer and gyroscope were able to decipher entire sentences “with up to 80 percent accuracy…”
Apps don’t currently ask for users’ permission for access to accelerometers and gyroscopes, which raises the remote possibility of iPhones or other accelerometer-equipped devices spying on keyboard inputs without users being the wiser…
The keylogger software works by detecting key pairs — detecting individual key presses turned out to be too difficult and unreliable — and by comparing paired accelerometer events against a built-in dictionary, the software can decipher keypresses with startling accuracy. Our own Mike Rose has coined “thump phreaking” to refer to this spying technique (after Van Eck phreaking, which uses CRT or LCD emissions to reconstruct the screen image) and it’s as apt a term as any for what this software does.
It must be mentioned that this is only a proof of concept and not an actual attack that’s out in the wild. The researchers themselves admit that this keylogger was difficult to build, and it’s easily defeated by something as simple as moving your iPhone more than three inches away from the keyboard.
OTOH, proof of concept almost inevitably leads to some demented script-kiddy trying it out on an unsuspecting innocent.