Will Verduzco · Oct 13, 2013 at 11:30 pm

Can Mobile Accelerometers Spy on Your Desktop Keystrokes?

The answer to the question above, as security researcher Philip Marquardt demonstrated, is “yes.” However, it’s not all that likely in practice, and there are several simple ways to protect yourself.

Data security is a rapidly growing concern in our increasingly digital world. In order to help bring these concerns to light, we recently launched a Security forum specifically for discussion of various security-related topics. Not too long ago, we also talked about malware on Android and how this is largely an overstated problem for those running relatively recent builds of the OS. However, when most people think of mobile security, they think of protecting their own device from intrusions. What many people haven’t considered is the possibility of using a mobile device’s various built-in sensor array to spy on unsuspecting victims.

This is exactly what Philip did while at Georgia Tech, as part of a proof-of-concept keystroke logger. This keylogger works in a rather unconventional way. Rather than using a physical connection to intercept data between a target computer and its keyboard or malicious software stored on the target computer, Philip demonstrated that an iPhone 4’s accelerometer could be used to determine the keystrokes pressed on a nearby physical keyboard. Using two neural networks (one for horizontal distance, and one for vertical distance), the software was able to correlate vibrations picked up by the phone’s accelerometer with their associated keystrokes.

Naturally, there are some major limitations preventing this from becoming the next big security scare. First, a rather precise and sensitive accelerometer must be used. For example in Philip’s testing, the iPhone 3GS was not sensitive enough to work properly, but the iPhone 4 was. Second, the mobile device doing the data acquisition must be relatively close to the physical keyboard being used because as we all know, unfocused vibrational energy through most transmission media dissipates according to the square of its distance. Furthermore, even with extended learning time, individual keypress recognition was impossible and whole word recognition was only 46% accurate—with shorter words being correspondingly less accurate.

Despite the initial limitations in individual key press and low individual word accuracy, however, reliability increased dramatically to 73% if second-choice words were also counted. Thus, semantic analysis clearly has a powerful effect in tuning word detection in context. That said, this would render detection of passwords and other non-semantically relevant data impossible.

So while this is extremely unlikely to be used in the wild in its current form, and the current detection accuracy limits its use to dictionary words, I know that I’ll be a bit more careful if I notice some unknown mystery object on my desk. After all, the sensors in our mobile devices are only become more and more accurate. Furthermore, more purpose-built sensors can conceivably be used to achieve a higher detection accuracy.

Ultimately, there are many more likely ways in which your data will be stolen, so this is nothing to lose sleep over. And if you really wish to protect yourself from the possibility of accelerometer-based spying, just make sure there are no hidden devices on your desk next to your keyboard. Now, acoustic emanation word detection (PDF)… That’s something far more worrying and far more difficult to thwart. I guess it’s time to listen to loud, bass-heavy music whenever I type sensitive information. It may go well with my tinfoil hat. 😛

You can learn more about Philip’s research by viewing his security research paper (warning: PDF).

Via I Programmer.

[Thanks to security researcher John Doyle for the heads up.]


_________
Want something on the XDA Portal? Send us a tip!
TAGS:

Will Verduzco

willverduzco is an editor on XDA-Developers, the largest community for Android users. Will Verduzco is the Portal Administrator for the XDA-Developers Portal. He has been addicted to mobile technology since the HTC Wizard. But starting with the Nexus One, his gadget love affair shifted to Google's little green robot. He is also a Johns Hopkins University graduate in neuroscience and is now currently studying to become a physician. View willverduzco's posts and articles here.
Aamir Siddiqui · Jul 28, 2015 at 12:56 pm · no comments

Galaxy Unpacked: What is Samsung Going to Unveil?

Amidst all the hype of the OnePlus 2 and the rain of Moto 2015 news, Samsung tried stealing the limelight back to itself by announcing their next "Galaxy Unpacked" event, which will be held on August 13th 2015. Samsung took to Twitter to reveal a very cryptic gif associated with the event, which probably has some clue on the device(s) to be launched. The hashtag "#TheNextGalaxy" does indeed point that the event will be the launchpad for a Galaxy device,...

XDA NEWS
Mario Tomás Serrafero · Jul 28, 2015 at 12:26 pm · 1 comment

Arrow Launcher: Good Effort Without Direction

Microsoft’s Android expansion has been well received on the productivity front, but not so much in terms of original applications. While their Office suite managed to bring some of the document-editing excellence to mobile, attempts at entering one’s interface through apps like Picturesque proved to be pointless failures. But even then, some apps like Hyperlapse redeem the computing giant through great quality. Microsoft seems to be approaching Android with brute, misdirected development and plenty of unorganized output, and if they want...

XDA NEWS
Mario Tomás Serrafero · Jul 28, 2015 at 10:07 am · 4 comments

Two New Moto X and New Moto G – Specs & Details

Today’s Moto event just ended and now we have a clear look at all of Motorola’s upcoming phones, including not one but two refreshed versions of their Moto X line. So how do these phones stack up against the competition? Motorola promises no compromises for affordable prices in every bracket, and this is what they have to offer:     Motorola wanted to focus on 5 aspects: meaningful exchanges, making and sharing memories, Self Expression, being always there for you...

XDA NEWS