Your smartphone's accelerometer can capture keystrokes

By on October 20, 2011, 5:30 PM

Security experts have blown the whistle on countless software vulnerabilities, but it's not every day that hardware is blamed for compromising privacy. When such topics do arise, they usually focus on the nefarious use of an infected device's camera or microphone. However, Georgia Tech researchers have shown how a smartphone's accelerometer and gyroscope can be used to record and decipher keystrokes made on your desktop or laptop.

Vibrations created by typing on a keyboard can be detected by a smartphone's accelerometer, the chip that's used to detect your device's orientation. Patrick Traynor of Georgia Tech noted that accelerometers are less sensitive than microphones (100 versus 44,000 samples per second) and typically lack extensive security protection. Mobile operating systems let you restrict an app's access to sensors, but the accelerometer is often excluded.

The first experiment was conducted with an iPhone 3GS, but the results were difficult to read. The iPhone 4's gyroscope improved things, however. When used in conjunction with special software, the method can reconstruct sentences with up to 80% accuracy. The program models keyboard events in pairs and approximates their location and distance. Then that's compared against words with similar characteristics in a preloaded dictionary.

For example, the researchers explained that the word "canoe" is dissected into four keystroke pairs: C-A, A-N, N-O, and O-E. The software reads that sequence as Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far. Then it compares those attributes against words that have already been analyzed in a dictionary. Probability dictates that it'll be fairly accurate, though Traynor said the technique is only reliable with words of three or more letters.

Based on its findings, the team believes that smartphones made within the last two years are sophisticated enough to launch this attack. Nonetheless, you probably shouldn't feel particularly alarmed about the discovery. It would still require an attacker to have some form of malware on the device (perhaps downloaded through an application store) and the researchers say the exploit is easily mitigated: just leave your phone in your pocket.




User Comments: 6

Got something to say? Post a comment
Cota Cota said:

Why on earth you need an accelerometer in your phone?

matrix86 matrix86 said:

The accelerometer in your phone determines the screen orientation and works with image stabilization and is used as a tilt sensor for games.

Kibaruk Kibaruk, TechSpot Paladin, said:

Also is used to change on-screen keyboard orientation and size, among other stuff

gwailo247, TechSpot Chancellor, said:

By this standard it can probably tell when you're beating off in front of your computer too.

Guest said:

"Nonetheless, you probably shouldn't feel particularly alarmed about the discovery. It would still require an attacker to have some form of malware on the device (perhaps downloaded through an application store) and the researchers say the exploit is easily mitigated: just leave your phone in your pocket." - I always love these little summaries that would be so useful at the beginning of the article

" Mobile operating systems let you restrict an app's access to sensors, but the accelerometer is often excluded. "

Well theres the fix, just restrict app access...duh? In fact, and I know nothing about smartphones, I say in accordance with general privacy the user should be able to control access to ALL sensors...maybe the technology just isn't there yet? Or phones will never be as customizable as how your computer is?

Win7Dev said:

Option C, just don't worry about it and come to realize that if someone wants to tap your phone they can anyway. It would be way easier for someone just to borrow your phone for a minute and slip a tiny microphone into it to record everything then to try and decipher keystrokes.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.