As you hold your smartphone and type, the phone vibrates, and security researchers have created software that uses those keystroke vibrations as a type of keylogger for Android smartphones. University of California security researchers Hao Chen and Liang Cai developed an Android app, TouchLogger, to show a relationship between keystroke vibrations and the keys that are being tapped. In fact, the privacy-attacking app "correctly inferred more than 70% of the keys typed on a number-only soft keyboard on a smartphone." The researchers said TouchLogger should perform even better on tablet computers and devices that have larger screens.
The monitoring of motion that infers keystrokes begins after a user has installed TouchLogger and granted "motion sensor privilege." Mobile operating systems do not regard motion-sensor output as private, so the researchers hope to raise awareness that side-channel attacks using motion can leak confidential data. Chen will present his research at the HotSec '11 conference in San Francisco, California.
According to the paper, TouchLogger: Inferring Keystrokes On Touch Screen From Smartphone Motion [PDF], "Attacks using sensors on smartphone raises the awareness of privacy attacks on smartphone sensors. Besides the obvious privacy concern over the GPS sensor, researchers have shown attacks using the camera and microphone. To the best of our knowledge, this paper is the first to show the privacy risks of motion sensors."
The TouchLogger app "infers the landing locations of the typing finger based on the device orientation and then looks up the corresponding keys based on the current soft keyboard configuration." The keys that correspond to the digits 1 and 9 have the highest accuracy. How hard you tap the smartphone, the "resistance force," and where the supporting hand holds the smartphone are all factors that affect angles and keystroke vibrations. The researchers found that the supporting hand might be the only factor with a "significant impact" on TouchLogger's accuracy.
This image of the TouchLogger data collection app is "Figure 3" from the research paper.
While Chen said he hasn't seen proof of criminals using touchscreen keyloggers to secretly monitor and steal confidential data from smartphone users, crooks may already be using motion as a side-channel attack.
Another little Android app tidbit involves animal activists tainting an older version of the 'Dog Wars' game app with a "Dogbite" trojan. The Beta 0.981 version is not in the official Android Market but is still circulating on pirate sites. Symantec reported, "Once started, the service proceeds to send out a text message to everyone on the contact list of the compromised device with the following message: 'I take pleasure in hurting small animals, just thought you should know that'."
While Symantec's Irfan Asrar discovered the compromised device attempts to sign up to a PETA text/alert service, "we have no reason to believe that PETA had anything to do with this app, and that it is most likely the work of someone attempting to associate the app with PETA or to gain sympathy by the association." More images and more info on Symantec.