Researchers at Georgia Tech have shown how a smartphone can be used as a keylogger. It turns out that if the smartphone is placed next to the keyboard, as millions of users around the world do, the built-in accelerometer is sensitive enough to distinguish the vibrations produced by pressing individual keys.
The accuracy of such a “keylogger” is 80%, and only the latest generation of smartphones is suitable. The researchers first experimented with the iPhone 3GS, but the results were unsatisfactory. The iPhone 4 performed better thanks to its additional gyroscope, which filters noise out of the accelerometer data.
We can assume that future smartphone models will detect vibrations even more precisely, so that such a keylogger could be used in practice.
Why measure keyboard vibrations, you may ask, when you could simply turn on the smartphone's microphone and listen to the sound of the keys being typed? Many tools that work with directional microphones have been developed for that purpose. The researchers respond that capturing sound from the microphone requires bypassing security protections in the OS, whereas it is easier for potentially malicious software to obtain data from the accelerometer. In addition, accelerometer data is easier to analyze than microphone audio, because it is updated 100 times per second, while the microphone has a sampling rate of 44,000 hertz.
The recognition program does not work with the vibrations of single key presses (this turned out to be too difficult) but with the vibrations of pairs of consecutive keys. For each pair it determines in which part of the keyboard each key lies (left or right) and whether the two keys are near to or far from each other. For the four-letter word BAKS, for example, there are three pairs: BA (right-left-far), AK (left-left-near), KS (left-left-far).
Having obtained these characteristics for the letter pairs, the program runs them against a dictionary and searches for matching words. The technique works reasonably well for well-known words of three or more letters. The program cannot recover passwords made of a random combination of characters.
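The dictionary-matching step described above can be sketched as follows. This is an added example, not the researchers' code: the QWERTY geometry, the left/right split, the near/far threshold and the five-word dictionary are all assumptions made for illustration, so its labels will not match the article's example pairs. It shows why several dictionary words share one pair profile and why a random string is never returned.

```python
import math

# Assumed geometry (not from the paper): QWERTY letter rows with a half-key
# stagger, the usual touch-typing left/right split, "near" = within 3 key widths.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (x + 0.5 * y, y) for y, row in enumerate(ROWS) for x, ch in enumerate(row)}
LEFT = set("qwertasdfgzxcvb")
NEAR_MAX = 3.0

def pair_label(a, b):
    """Label one key pair, e.g. 'LRF' = left key, then right key, far apart."""
    side = lambda ch: "L" if ch in LEFT else "R"
    dist = math.dist(POS[a], POS[b])
    return side(a) + side(b) + ("N" if dist <= NEAR_MAX else "F")

def word_profile(word):
    """A word of n letters yields n-1 pair labels."""
    return tuple(pair_label(a, b) for a, b in zip(word, word[1:]))

def candidates(observed, dictionary, max_errors=0):
    """Dictionary words whose profile differs from `observed` in at most
    max_errors pair labels (models imperfect per-pair classification)."""
    hits = []
    for word in dictionary:
        profile = word_profile(word)
        if len(profile) != len(observed):
            continue
        errors = sum(p != o for p, o in zip(profile, observed))
        if errors <= max_errors:
            hits.append(word)
    return sorted(hits)

# Constructed sample dictionary; the study used 58,000 English words.
DICTIONARY = ["canoe", "venue", "tenor", "water", "phone"]

if __name__ == "__main__":
    print(word_profile("canoe"))
    # Three words share this profile, so the labels alone are ambiguous.
    print(candidates(word_profile("canoe"), DICTIONARY))
    # A random string with the same profile maps to dictionary words only.
    print(candidates(word_profile("qzpmx"), DICTIONARY))
```

The output can only ever be a dictionary word, which is why a random-character password is outside what this kind of leak recovers.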
The 80% accuracy was obtained on English text with a dictionary of 58,000 words.
According to the authors, such programs are very easy to counter if smartphone makers reduce the accelerometer polling frequency from 100 to 50 times per second. The keylogger will then not have enough data, and most normal programs will not notice the difference.
The paper, “(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers”, will be presented on October 20 at the ACM Conference on Computer and Communications Security in Chicago.