iPhone spyware can snoop on desktop typing

Filed Under: Data loss, iOS, Malware, Mobile, Privacy

A team of researchers at Georgia Tech have demonstrated how they were able to spy on what was typed on a regular desktop computer's keyboard via the accelerometers of a smartphone placed nearby.

iPhone and keyboard

Normally when security researchers describe spyware on smartphones, they mean malicious code that can be used to snoop on calls, or to steal the data held on mobile phones.

In this case, however, researchers have described how they have put software on smartphones to spy on activity *outside* the phone itself - specifically to track what a user might be doing on a regular desktop keyboard nearby.

It sounds like the stuff of James Bond, but the researchers paint a scenario where a criminal could plant a smartphone on the desk close to their target's keyboard and use specialist software to analyse vibrations and snoop on what was being typed.

It's a quite beautiful twist on how bad guys could use microphones to "hear" keystrokes and spy on your passwords.

Patrick TraynorPatrick Traynor, an assistant professor in Georgia Tech's School of Computer Science, admits that the technique is difficult to accomplish reliably but claims that the accelerometers built into modern smartphones can sense keyboard vibrations and decipher complete sentences with up to 80% accuracy.

"We first tried our experiments with an iPhone 3GS, and the results were difficult to read," said Traynor. "But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack."

Indeed, a photograph of the researcher shows him posing with what appears to be an Android smartphone.

Keyboard vibrations

What's quite interesting to those of a geeky mindset is the technique adopted by the university researchers to build up their cache of stolen data. It turns out that is largely based on probability.

Presently the spyware cannot determine the pressing of individual keys through the iPhone's accelerometer, but "pairs of keystrokes" instead. The software determines whether the keys are on the right or left hand side of a standard QWERTY keyboard, and then whether the pair of keys are close together or far apart.

With the characteristics of each pair of keystrokes collected, it compares the results against a dictionary - where each word has been assigned similar measurements.

For example, take the word "canoe," which when typed breaks down into four keystroke pairs: "C-A, A-N, N-O and O-E." Those pairs then translate into the detection system’s code as follows: Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far, or LLN-LRF-RRF-RLF. This code is then compared to the preloaded dictionary and yields "canoe" as the statistically probable typed word.

For understandable reasons, the technique is said to only work reliably on words which have three or more letters.

Text recovery

Henry Carter, one of the study's co-authors, explained the attack scenario that they envisaged could be used:

"The way we see this attack working is that you, the phone’s owner, would request or be asked to download an innocuous-looking application, which doesn’t ask you for the use of any suspicious phone sensors."

"Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening."

It's an interesting piece of research, but I have to wonder how effective it would be in the real world.

KeyboardFor instance, hackers often want to steal passwords from individuals. If the computer users is following sensible security practice and is *not* using a dictionary word for their password then it's hard to imagine that the technique in its current form would be able to determine what the password is.

And an 80% accuracy rate falls some way short of what most criminals would want.

I'm also curious as to how well the system would work when trying to steal numerical information - such as account numbers, credit card data or social security numbers. The dictionary wouldn't be any help against them, and the placement of numerical keys (either along the top row of the keyboard or tightly fit on a numeric keypad) would make discrimination very difficult I suspect.

The study's authors also determined that because the smartphone had to be within a range of just three inches from the keyboard, phone users who left their phones in their pockets or purses, or simply moved them further from the keyboard would be well defended.

The researchers admitted that the likelihood of an attack of this nature "right now is pretty low", and I'm not planning to lose any sleep over the threat. Nevertheless, if you manage to get the chance do take some time to read the paper: "(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers".

, , , , , , ,

You might like

8 Responses to iPhone spyware can snoop on desktop typing

  1. M4P · 1100 days ago

    I'm scared!... not..

  2. Mrt · 1100 days ago

    I saw some security researcher from IOActive do this a year back or so Dunlop or Ridpath forgot who.

  3. HTC Pakistan · 1099 days ago

    This really helped me because I’m doing a project and your blog is so informative. Thanks and keep up the good work.
    HTC Pakistan

  4. Dan Greenberg · 1096 days ago

    Cool trick... but I wonder why they took such a difficult route. As you mentioned, attacking via an open mic is well known, although generally this is assumed to be the PC's own mic. Why not have the app listen for that keyboard via the phone mic instead of the accelerometer? My guess is that the range will be much better and, given the amount of time folks have worked on algorithms for such, I am sure there is more accurate code out there.

    Another note: since the phone no doubt has autocorrect, why not use this functionality to improve accuracy?

  5. walterwally · 1095 days ago

    It sounds like this technique is good enough to determine if someone is sending an email to a specific person at a specific time.

    You don't always have to know exactly what was sent, just that something was sent.

    That narrows down the suspects, and then you can focus in on those persons.

  6. Willem van den Brink · 1060 days ago

    I see possibilities. Now you can grab any keyboard, even a defect one, to type messages on your Iphone.

  7. Guest · 1009 days ago

    Unfortunately, I did not have an opportunity to read the (sp)iPhone paper.

  8. bailoutMoreBanks · 532 days ago

    Why plant a $200 smartphone nearby, when all sorts of other devices could do the same or better for 30% of the cost? Oh, the cheek of it! The article is quite interesting, no doubt. I wonder about the sound dampening properties of my silicon keyboard cover? An unexpected benefit as an additional layer of accidental security?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.