Cripes! iPhone captures keystrokes via thump phreaking

Researchers at Georgia Tech have worked up a proof-of-concept demonstration of using an iPhone 4′s accelerometer as a keylogger. After setting the iPhone near a computer keyboard, the device’s built-in accelerometer and gyroscope were able to decipher entire sentences “with up to 80 percent accuracy…”

Apps don’t currently ask for users’ permission for access to accelerometers and gyroscopes, which raises the remote possibility of iPhones or other accelerometer-equipped devices spying on keyboard inputs without users being the wiser…

The keylogger software works by detecting key pairs — detecting individual key presses turned out to be too difficult and unreliable — and by comparing paired accelerometer events against a built-in dictionary, the software can decipher keypresses with startling accuracy. Our own Mike Rose has coined “thump phreaking” to refer to this spying technique (after Van Eck phreaking, which uses CRT or LCD emissions to reconstruct the screen image) and it’s as apt a term as any for what this software does.

It must be mentioned that this is only a proof of concept and not an actual attack that’s out in the wild. The researchers themselves admit that this keylogger was difficult to build, and it’s easily defeated by something as simple as moving your iPhone more than three inches away from the keyboard.

OTOH, proof of concept almost inevitably leads to some demented script-kiddy trying it out on an unsuspecting innocent.

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s