Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Your Smartphone Can Spy On What You Type

Posted by samzenpus on from the what-do-you-feel? dept.

mikejuk writes "We all do it — place our phones down on the desk next to the keyboard. This might not be such a good idea if you want to keep your work to yourself. A team of researchers from MIT and the Georgia Institute of Technology have provided proof of concept for logging keystrokes using nothing but the sensors inside a smartphone — an iPhone 4 to be precise, as the iPhone 3GS wasn't up to it. A pair of neural networks were trained to recognize which keys were being pressed just based on the vibration — and it was remarkably good at it for such a small device. There have been systems that read the keys by listening but this is the first system that can hide in mobile phone malware."

4 of 77 comments (clear)

  1. Over-generalisation? by GumphMaster · · Score: 5, Insightful

    We all do it — place our phones down on the desk next to the keyboard.

    I love a good over-generalisation.

    --
    Patent litigation: A doctrine of Mutually Assured Destruction... in which everyone seems willing to push the button
  2. Even worse... by Nanoda · · Score: 3, Insightful

    it can spy on what you say!!!

    Seriously, if my phone is compromised, everything else is pretty much moot.

  3. Re:Wonder the accuracy rate by Anonymous Coward · · Score: 3, Insightful

    Isn't this just a proof of concept though - like most technologies start?

    Their study can be used as a reference, and over time, the underlying technology and techniques can be perfected so that it can work as an additional attack vector. Do you think Acoustic Keyloggers worked right off the bat from conception to implementation? And your premise relies on the postulation that sensors in mobile phones won't improve over time as well - or that multiple technologies will just cease to improve, for that matter.

  4. Re:Wow! What a vulnerability!! by girlintraining · · Score: 3, Insightful

    First you need to download and install a neural network program in your smartphone, train it with loads and loads of data. Then turn it on and leave it running. Then it can become a keystroke logger. At this point it worse than the proverbial unix virus, "You got a unix virus. It works on honor system. Please forward this mail to all addresses in your .mailrc and sudo \rm -rf / Thank you."

    You know, the same smartass attitude was held by our government officials regarding the "hollywood" possibility of hackers gaining control over power grids, missile launch systems, water distribution systems, etc. And then Stuxnet showed up, and took out a key element of a country's nuclear weapons program. It is exceptionally arrogant to say because you can't see a problem, one doesn't exist.

    This is a proof of concept; It demonstrates that such an attack is now possible. Everything Stuxnet achieved, it did based on proof of concept code, which was then studied, refined, and weaponized. It's just a matter of time now. As mobile devices are loaded with more sensors, and yet retain their closed-source, integrated black box SoCs, etc., attacks of this sort will not only be practical, but one day trivial.

    --
    #fuckbeta #iamslashdot #dicemustdie