Researchers Keylog Smartphone Using Its Accelerometer

Keylogging has always been something you want to avoid, considering it can hand hackers complete, unencrypted passwords and login data directly. It’s pretty easy to keylog a laptop or desktop since a keyboard is just a series of buttons, each devoted to a single letter. On a smartphone, however, that’s not the case. Think that’ll protect you from keylogging? It won’t.

Researchers Hao Chen and Lian Cai at the University of California, Davis have found a way to keylog a smartphone not from physical keystrokes, but from accelerometer movements. As it turns out, each key press has its own distinct pitch, roll and yaw, meaning that if you can identify what those are on a specific phone with a specific layout, you can pull keystroke data from accelerometer history. That’s what Hao and Lian are closing in on, but they haven’t quite made it yet.

Their proof-of-concept project logged key presses on a 10-digit keypad layout instead of a full keyboard. Eventually, they reached an average correct guess rate of 71.5%. The actual accuracy varies from phone to phone, not because of layout but due to the frequency at which the phone records accelerometer data. Although that means they cannot guess correctly 28.5% of the time, it does not mean that they get no data 28.5% of the time. While they are not always able to narrow down the guess to a single key, they can usually figure out the row or column.

Now this is a far cry from reading everything someone types into their phone in exact detail, but this is an early proof of concept. For one thing, if the numpad accuracy were improved, it could be great at capturing PINs or credit card numbers. It’s also worth noting that if the same level of accuracy could be achieved on a full keyboard, it would be pretty easy to narrow down the non-exact guesses through context. Maybe they couldn’t snag your alphanumeric gibberish password, but they could read your emails easily enough. One last point worth making is that the accelerometer data needs to be very specific because phones are so small. You know what’s not so small and still has accelerometer data? Tablets.

