How Your Smartphone Can Spy On What You Type
mikejuk writes "We all do it — place our phones down on the desk next to the keyboard. This might not be such a good idea if you want to keep your work to yourself. A team of researchers from MIT and the Georgia Institute of Technology have provided proof of concept for logging keystrokes using nothing but the sensors inside a smartphone — an iPhone 4 to be precise, as the iPhone 3GS wasn't up to it. A pair of neural networks were trained to recognize which keys were being pressed just based on the vibration — and it was remarkably good at it for such a small device. There have been systems that read the keys by listening but this is the first system that can hide in mobile phone malware."
First you need to download and install a neural network program in your smartphone, train it with loads and loads of data. Then turn it on and leave it running. Then it can become a keystroke logger. At this point it is worse than the proverbial unix virus, "You got a unix virus. It works on honor system. Please forward this mail to all addresses in your .mailrc and sudo \rm -rf / Thank you."
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Seems like an obvious question, I wonder if you can read.
I wonder what this little app would do with the keyboard I am typing on. First of all, it is a mechanical keyboard with cherry MX browns. Second, I have the "buzzer" function on that simulates "clicky"-ness, since it is not a real clicking switch (though tactile) like e.g. the blue one or the real buckled ones.
I am not saying it would work better or worse, just curious if it would work on a Kinesis and how much the "clicker" and the totally odd shape of the keyboards would disrupt the functionality.
Anyway... my phone is usually on airplane mode when I enter the house and is redirected to a landline that has an Asterisk box on it... then the Asterisk box's FXO is carefully disconnected, so no calls in, no calls out :). That's the way I like to handle phones and phone calls.
Seems like an obscure sensing mechanism. I wonder how accurate it is...
Just detecting raw keypresses didn't produce a very accurate result, but switching to picking up pairs of keywords and then using a word dictionary did produce useful data extraction. Accuracies of around 80% were achieved, but the accuracy reduced with the number of keypresses. Word recognition only achieved a 46% accuracy, but this increased to 73% if second choice words were included. Clearly semantic analysis could push the accuracy up.
Be seeing you...
We all do it — place our phones down on the desk next to the keyboard.
I love a good over-generalisation.
Patent litigation: A doctrine of Mutually Assured Destruction... in which everyone seems willing to push the button
it can spy on what you say!!!
Seriously, if my phone is compromised, everything else is pretty much moot.
It's not accurate at all unless you have the luxury of training the neural networks with the phone sitting in EXACTLY the same place in EXACTLY the same orientation every time, in a totally vibration damped laboratory.
You have to locate your phone two inches from the keyboard every time.
Not on a piece of paper, a book or a mouse pad, but directly on the desk.
Oh, and you have to install software on your iphone,
AND feed the data into a couple of Neural networks external to the phone.
And nothing else can be vibrating on that desk. No radio. No mouse movements, and your computer has to be off the desk.
No air conditioning air flow, no tapping fingers, typical floor bounce from walking people.
And no typing fast.
When you start reading all of the things that will screw up this test that the authors wrote in their own study you have to wonder how it is they even managed to keep from laughing their own study out the door.
They just proved it can't be done in the real world, yet they went ahead and put out the study anyway as if they had discovered a real and present attack vector.
So then they recommend you keep your phone outside the room. Who does that? Why do that, when their own study demonstrates it is totally impossible to do this?
Sig Battery depleted. Reverting to safe mode.
. . . of the little scheme someone I knew cooked up to read data transmissions from watching the lights flash on a Hayes modem - from a distance, of course :) Not that I would ever do anything spurious like that, tho.
The vibration trick seems a bit of a stretch to be useful, but it does fall into a class of things like you said. There are so many holes in the technology created by accident or on purpose that it is a wonder that anything is secure. I was at a COMDEX once a long time ago and was chatting with an engineer (a friend) that worked for a modem company about my company's dial-up customer service system and complaining that it hung up on customers sometimes. He asked me for my dial-up number and I provided it. I assumed he was going to see if it hung up on him. He proceeded to enter a long string of characters and took control of our modem, went into configuration and changed a parameter that set a hang up delay on inactivity. It fixed the problem, but that was creepy. Obviously that was long ago before the internet, but I have never trusted any system since then unless it was open source and open hardware, and even then I am not sure because I have seen spooks at the chip fab and I am sure they weren't there to get coffee.
I watched some videos from DEFCON and became even more certain that we live in a silicon dioxide house and it is subject to fracture on impact, so it would be advisable to avoid conflict with projectiles.
I think that marketing it as a "vulnerability" is a neat trick - how else would you make it onto Slashdot?
That said, it's a neat proof-of-concept that may, eventually, find some (voluntary) applications. Need to diagnose a vibration in a car, washing machine, etc.? Something in the house making an odd noise and you can't figure it out? Water/gas line leak while you're asleep. There's potential, and, as they inadvertently point out, (4>3GS) the sensor technology is improving.
Isn't this just a proof of concept though - like most technologies start?
Their study can be used as a reference, and over time, the underlying technology and techniques can be perfected so that it can work as an additional attack vector. Do you think Acoustic Keyloggers worked right off the bat from conception to implementation? And your premise relies on the postulation that sensors in mobile phones won't improve over time as well - or that multiple technologies will just cease to improve, for that matter.
There was an episode of MI5 (aired as "Spooks" in the UK) that had this many years ago.
They gave a foreign agent a document to type, and had an eavesdropping device in his office. By recording the keyclicks of the known document, they were able to train the system to decode keyclicks for subsequent documents.
It didn't seem farfetched at the time, it doesn't seem farfetched today.
This is a 2011 study... and this becomes news in /. over 2 years later?
I have an IBM type M keyboard, and this post was relayed to slashdot via the Global Seismographic Network
If my comment didn't sound as good in your head as it did in mine, then I guess we all know who's to blame