Smartphone snoopingSmartphone can spy on computer keyboard strikes
In hundreds of millions of offices around the world, this routine repeats itself every day: People sit down, turn on their computers, set their mobile phones on their desks, and begin to work; now, what if a hacker could use that phone to track what the person was typing on the keyboard just inches away?
In hundreds of millions of offices around the world, this routine repeats itself every day: People sit down, turn on their computers, set their mobile phones on their desks, and begin to work. Now, what if a hacker could use that phone to track what the person was typing on the keyboard just inches away?
A Georgia Tech release reports that a research team at Georgia Tech has discovered how to do exactly that, using a smartphone accelerometer — the internal device that detects when and how the phone is tilted — to sense keyboard vibrations and decipher complete sentences with up to 80 percent accuracy. The procedure is not easy, the researchers say, but is definitely possible with the latest generations of smartphones.
“We first tried our experiments with an iPhone 3GS, and the results were difficult to read,” said Patrick Traynor, assistant professor in Georgia Tech’s School of Computer Science. “But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack.”
Previously, Traynor said, researchers have accomplished similar results using microphones, but a microphone is a much more sensitive instrument than an accelerometer. A typical smartphone’s microphone samples vibration roughly 44,000 times per second, while even newer phones’ accelerometers sample just 100 times per second — two full orders of magnitude less often. Plus, manufacturers have installed security around a phone’s microphone; the phone’s operating system is programmed to ask users whether to give new applications access to most built-in sensors, including the microphone. Accelerometers typically are not protected in this way.
The release notes that the technique works through probability and by detecting pairs of keystrokes, rather than individual keys (which still is too difficult to accomplish reliably, Traynor said). It models “keyboard events” in pairs, then determines whether the pair of keys pressed is on the left versus right side of the keyboard, and whether they are close together or far apart. After the system has determined these characteristics for each pair of keys depressed, it compares the results against a preloaded dictionary, each word of which has been broken down along similar measurements (that is, are the letters left/right, near/far on a standard QWERTY keyboard). The release notes that the technique only works reliably on words of three
