Slashdot Mirror

← Back to Stories (view on slashdot.org)

Proof-of-Concept Android Trojan Uses Motion Sensors To Steal Passwords

Posted by Soulskill on Monday April 23, 2012 @07:14AM from the for-when-normal-keylogging-is-just-too-precise dept.

judgecorp writes "TapLogger, a proof-of-concept Trojan for Android developed by resarchers at Pennsylvania State University and IBM, uses information from the phone's motion sensor to deduce what keys the user has tapped (PDF), thus revealing otherwise-hidden information such as passwords and PINs."

2 of 105 comments (clear)

Min score:

Reason:

Sort:

Swype by Pat+Attack · 2012-04-23 07:19 · Score: 5, Interesting

I wonder if it would work on those of us who use a Swype keyboard. Then again, I do tap out my passwords. A thought: If you randomize the keyboard for password entries, that would make it harder to discern from malware like that and the over-the-shoulder attack.
1. Re:Swype by robmv · 2012-04-23 08:53 · Score: 4, Interesting
  
  long term better solution is that OS fields for passwords and PIN keypads disable applications access to motion sensor data. If you are custom drawing a password field and not using the OS provided one, add an API to hide motion sensor data when you need it