October 19, 2011 at 16:43Using your smartphone as a keylogger for PC
Researchers from Georgia Tech University have shown how you can use your smartphone as a keylogger. It turns out that if you put a smartphone next to the keyboard, as millions of users around the world do, then the sensitivity of the built-in accelerometer is enough to distinguish the vibration of pressing on individual keyboard keys.
The accuracy of such a keylogger is 80%, and not all phone models are suitable, but only smartphones of the latest generation. For example, at first the researchers experimented with the iPhone 3GS, but the results were unsatisfactory. But the iPhone 4 proved to be better thanks to an additional gyroscope that cleans the noise from the accelerometer.
It can be assumed that future models of smartphones will determine the vibration even more accurately, so that such a keylogger can be used in practice.
But why measure vibration from the keyboard, you ask, if you can just turn on the microphone on your smartphone and listen to the sound from the typed keys, because a lot of tools have been developed for such purposes that work with narrowly focused microphones. The developers answer that in order to take sound from the microphone, you need to bypass security protection in the OS, and it is easier for potentially malicious software to get data from the accelerometer. In addition, it is easier to analyze information from the accelerometer than from a microphone, because its data is updated 100 times per second, while the microphone has a sampling frequency of 44,000 hertz.
The program for recognizing text does not work with individual vibrations from single clicks (this turned out to be too difficult), but with paired vibrations from two keys. For each pair, it is determined in which part of the keyboard they are (near or far), near or far from each other. That is, for the four-letter word BAKS, three pairing combinations are obtained: BA (right-left-far), AK (left-left-near), CS (left-left, far).
Having received these characteristics for pairs of letters, the program runs the dictionary information and searches for suitable words. The technique more or less normally works for well-known words with a length of three or more letters. The program will not be able to parse passwords from a random combination of characters.
An accuracy of 80% is obtained in the English text with a dictionary of 58,000 words.
According to the developers, such programs are very easy to deal with if the smartphone developers reduce the polling rate of the accelerometer from 100 to 50 times per second. The keylogger will then not have enough data, and most normal programs will not notice the difference.
The work “(sp) iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers” will be presented on October 20 at the ACM conference on computer security and communications in Chicago.
The accuracy of such a keylogger is 80%, and not all phone models are suitable, but only smartphones of the latest generation. For example, at first the researchers experimented with the iPhone 3GS, but the results were unsatisfactory. But the iPhone 4 proved to be better thanks to an additional gyroscope that cleans the noise from the accelerometer.
It can be assumed that future models of smartphones will determine the vibration even more accurately, so that such a keylogger can be used in practice.
But why measure vibration from the keyboard, you ask, if you can just turn on the microphone on your smartphone and listen to the sound from the typed keys, because a lot of tools have been developed for such purposes that work with narrowly focused microphones. The developers answer that in order to take sound from the microphone, you need to bypass security protection in the OS, and it is easier for potentially malicious software to get data from the accelerometer. In addition, it is easier to analyze information from the accelerometer than from a microphone, because its data is updated 100 times per second, while the microphone has a sampling frequency of 44,000 hertz.
The program for recognizing text does not work with individual vibrations from single clicks (this turned out to be too difficult), but with paired vibrations from two keys. For each pair, it is determined in which part of the keyboard they are (near or far), near or far from each other. That is, for the four-letter word BAKS, three pairing combinations are obtained: BA (right-left-far), AK (left-left-near), CS (left-left, far).
Having received these characteristics for pairs of letters, the program runs the dictionary information and searches for suitable words. The technique more or less normally works for well-known words with a length of three or more letters. The program will not be able to parse passwords from a random combination of characters.
An accuracy of 80% is obtained in the English text with a dictionary of 58,000 words.
According to the developers, such programs are very easy to deal with if the smartphone developers reduce the polling rate of the accelerometer from 100 to 50 times per second. The keylogger will then not have enough data, and most normal programs will not notice the difference.
The work “(sp) iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers” will be presented on October 20 at the ACM conference on computer security and communications in Chicago.