Slashdot Mirror


Proof-of-Concept Malware Captures Every Tap On Smartphones Or Tablets

DavidGilbert99 writes: "Keylogging has been a big component of most malware in recent years, but with the advent of touch as the interface of choice on smartphones, tablets and — increasingly — laptops, it has been getting harder for cyber-criminals to know what you are doing. A researcher has developed a proof-of-concept piece of malware which is able to capture everything you are doing on your touch devices, from where you touch the screen to what is being displayed."

  1. This is actually quite scary. by Anonymous Coward · Score: 5, Funny

    I have to admit, I never considered this to be an issue. Now I'm quite scared by this revelation. So when I lay my cock across my iPad, are you telling me that criminals could accurately determine its length and girth? That makes me feel very, very uncomfortable!

  2. Re:No valid distribution method... by sunderland56 · Score: 2, Informative

    There are massive problems with the Apple store security process; I'm sure that Google's and Amazon's are no better.

  3. One potential market for this software by Dachannien · Score: 2

    This will be great news for all those people who think they aren't getting nearly enough information through Facebook about their friends' Candy Crush exploits.

  4. Re:No valid distribution method... by Anubis IV · Score: 2

    It'd be easy to slip it in as an update to an existing piece of software, similar to the recent reports of Chrome extensions being purchased by companies that then turn them, via later updates, into advertising delivery vehicles. Android and jailbroken iOS are both vulnerable to this form of attack due to the forms of processing that they allow in the background, and the fact is, delivering it is not particularly difficult, since malware has already found its way onto these platforms (native iOS isn't as affected, since even though the malware may be able to be delivered to it, the way it handles background processes would neuter the attack itself).

    Really, all that needs to be done by a malware developer beyond what's already been done is add some OCR capabilities to the malware so that it can identify what key it is that you're hitting, enabling it to know exactly what your username and password are. Or, better yet, somehow tie into the input system directly so that it can identify precisely what textual inputs are being provided, without any need for image recognition or processing.

  5. Re:No valid distribution method... by bonehead · Score: 2

    > add some OCR capabilities to the malware so that it can identify what key it is that you're hitting,

    Um... You either don't understand what OCR is, or you're proposing a complex solution to a simple problem.

  6. Re:No valid distribution method... by Anubis IV · Score: 2

    It is good to shine the light on stuff like that, but let's be sure we keep the scale of the problem in context, since referring to it as a "massive problem" is quite a bit of an overstatement. Moreover, the connotation involved in the comparison with Google and Amazon suggests a false equivalency, when the fact is that one of them is suffering a malware incidence rate that is over two orders of magnitude greater than the one with the lowest rate (which, when you look at the raw numbers, isn't actually that bad, but they're still not in the same vicinity as each other by any stretch of the imagination).

    A single proof of concept that's already been addressed (according to your source) and has yet to be seen in the wild beyond that initial research experiment is a negligible concern, not a massive one. It's worth sharing and worth calling Apple to task on, but let's not overstate the issue.