If there's a smartphone resting somewhere near your computer right now, it could be logging everything you type into your desktop keyboard and sending that information back to a hacker.
Students at Georgia Tech's School of Computing conducted a proof-of-concept hack to demonstrate how, by tapping into a smartphone's accelerometer, which measures the vibrations of the device, they were able to infer what a target was typing on a keyboard placed near the phone with up to 80 percent accuracy.
The team used an iPhone for their experiment, but the same attack is possible using "any smartphone from the past two years with an accelerometer," Michael Terrazas, assistant director of communications for Georgia Tech's College of Computing told SecurityNewsDaily.
The hack works by detecting pairs of keystrokes, rather than individual keys. The researchers used the word "Canoe" as an example. Typed, the word canoe can be broken down into four pairs of keystrokes, C-A, A-N, N-O and O-E.
"Those pairs then translate into the detection system's code as follows: Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left, Far…This code is then compared to the preloaded dictionary and yields 'canoe' as the statistically probable typed word," the researchers said.
The method takes some work, and would require the targeted phone to download a specific application to allow the attackers to turn on the keylogger. But, as seen in millions of Internet scams everyday, it isn't difficult to convince someone on the Internet to click a link. And once the keylogger is activated, the technology hidden inside the new generation of smartphones makes the attack that much easier.
"We first tried our experiments with an iPhone 3GS, and the results were difficult to read," Patrick Traynor, an assistant professor and member of the research team said. "But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack."
The research team also includes Georgia Tech graduate student Arunabh Verma, Georgia Tech Ph.D. student Henry Carter and Philip Marquardt of the MIT Lincoln Laboratory. The researchers presented their paper, "(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers" at the ACM Conference on Computer and Communications Security yesterday (Oct. 20) in Chicago.
So how worried should you be that the phone sitting near your desktop is conspiring against you ? The chances of becoming a victim of this type of advanced attack are slim, at least right now.
"This was really hard to do," Traynor said. "But could people do it if they really wanted to? We think yes."