Your smartphone's accelerometer can capture keystrokes

[Matthew DeCarlo]

Security experts have blown the whistle on countless software vulnerabilities, but it's not every day that hardware is blamed for compromising privacy. When such topics do arise, they usually focus on the nefarious use of an infected device's camera or microphone. However, Georgia Tech researchers have shown how a smartphone's accelerometer and gyroscope can be used to record and decipher keystrokes made on your desktop or laptop.

Vibrations created by typing on a keyboard can be detected by a smartphone's accelerometer, the chip that's used to detect your device's orientation. Patrick Traynor of Georgia Tech noted that accelerometers are less sensitive than microphones (100 versus 44,000 samples per second) and typically lack extensive security protection. Mobile operating systems let you restrict an app's access to sensors, but the accelerometer is often excluded.

The first experiment was conducted with an iPhone 3GS, but the results were difficult to read. The iPhone 4's gyroscope improved things, however. When used in conjunction with special software, the method can reconstruct sentences with up to 80% accuracy. The program models keyboard events in pairs and approximates their location and distance. Then that's compared against words with similar characteristics in a preloaded dictionary.

For example, the researchers explained that the word "canoe" is dissected into four keystroke pairs: C-A, A-N, N-O, and O-E. The software reads that sequence as Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far. Then it compares those attributes against words that have already been analyzed in a dictionary. Probability dictates that it'll be fairly accurate, though Traynor said the technique is only reliable with words of three or more letters.

Based on its findings, the team believes that smartphones made within the last two years are sophisticated enough to launch this attack. Nonetheless, you probably shouldn't feel particularly alarmed about the discovery. It would still require an attacker to have some form of malware on the device (perhaps downloaded through an application store) and the researchers say the exploit is easily mitigated: just leave your phone in your pocket.

Permalink to story.

https://www.techspot.com/news/45943-your-smartphones-accelerometer-can-capture-keystrokes.html

 

[Cota]

Why on earth you need an accelerometer in your phone?

 

[matrix86]

The accelerometer in your phone determines the screen orientation and works with image stabilization and is used as a tilt sensor for games.

 

[Kibaruk]

Also is used to change on-screen keyboard orientation and size, among other stuff

 

[gwailo247]

By this standard it can probably tell when you're beating off in front of your computer too.

 

[Guest]

"Nonetheless, you probably shouldn't feel particularly alarmed about the discovery. It would still require an attacker to have some form of malware on the device (perhaps downloaded through an application store) and the researchers say the exploit is easily mitigated: just leave your phone in your pocket." - I always love these little summaries that would be so useful at the beginning of the article

" Mobile operating systems let you restrict an app's access to sensors, but the accelerometer is often excluded. "

Well theres the fix, just restrict app access...duh? In fact, and I know nothing about smartphones, I say in accordance with general privacy the user should be able to control access to ALL sensors...maybe the technology just isn't there yet? Or phones will never be as customizable as how your computer is?

 

[Greg S]

Option C, just don't worry about it and come to realize that if someone wants to tap your phone they can anyway. It would be way easier for someone just to borrow your phone for a minute and slip a tiny microphone into it to record everything then to try and decipher keystrokes.

 

[Guest]

I don't know why you need the smartphone's accelerometer to capture the keystrokes. and maybe it is little complex. If you want to log keystrokes then I suggest you the iKeyMonitor , I think it absolutely will astonish you.