http://www.theregister.co.uk/2011/08/17/android_key_logger/ By Dan Goodin in San Francisco The Register 17th August 2011 Computer scientists have developed an Android app that logs keystrokes using a smartphone's sensors to measure the locations a user taps on the touch screen. TouchLogger, as their demo app is dubbed, allowed its creators at the University of California at Davis to demonstrate a vulnerability in smartphones and tablets that has largely gone unnoticed: While most of these devices lack physical keyboards that have long been known to leak user input, they nonetheless remain susceptible to monitoring through similar side-channel attacks. Whereas eavesdroppers measure sound and electromagnetic emanation to capture input from traditional keyboards, they can monitor the motion of the device to achieve much the same result from a touch screen. “Our insight is that motion sensors, such as accelerometers and gyroscopes, may be used to infer keystrokes,” the researchers wrote in a paper (PDF here) presented last week at the HotSec'11 workshop in San Francisco. “When the user types on the soft keyboard on her smartphone (especially when she holds her phone by hand rather than placing it on a fixed surface), the phone vibrates. We discover that keystroke vibration on touch screens are highly correlated to the keys being typed.” [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Wed Aug 17 2011 - 22:34:33 PDT
This archive was generated by hypermail 2.2.0 : Wed Aug 17 2011 - 22:29:34 PDT