October 20, 2011

iPhone spyware can snoop on desktop typing

10-20-2011 Global:

A team of researchers at Georgia Tech have demonstrated how they were able to spy on what was typed on a regular desktop computer's keyboard via the accelerometers of a smartphone placed nearby.

Normally when security researchers describe spyware on smartphones, they mean malicious code that can be used to snoop on calls, or to steal the data held on mobile phones.

In this case, however, researchers have described how they have put software on smartphones to spy on activity *outside* the phone itself - specifically to track what a user might be doing on a regular desktop keyboard nearby.

It sounds like the stuff of James Bond, but the researchers paint a scenario where a criminal could plant a smartphone on the desk close to their target's keyboard and use specialist software to analyse vibrations and snoop on what was being typed.

It's a quite beautiful twist on how bad guys could use microphones to "hear" keystrokes and spy on your passwords.

Patrick Traynor, an assistant professor in Georgia Tech's School of Computer Science, admits that the technique is difficult to accomplish reliably but claims that the accelerometers built into modern smartphones can sense keyboard vibrations and decipher complete sentences with up to 80% accuracy.

"We first tried our experiments with an iPhone 3GS, and the results were difficult to read," said Traynor. "But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack."

Indeed, a photograph of the researcher shows him posing with what appears to be an Android smartphone.

For the remainder of this story: by Graham Cluley

No comments: