If you you are planning to do nasty things by capturing keystrokes on a smartphone, there are very good chances that you would get caught. Keyloggers have been long popular on windows, but on smartphones it can be tougher to get through unless you deploy smart ways.
Researchers from the University of California Davis, have successfully decoded the keystrokes on an Android on-screen keyboard by measuring the wiggles, jiggles, and vibrations picked up by the device’s accelerometer caused by pressing onscreen keys. Hao Chen and Lian Cai claim that this is a big deal coz almost any app can use the accelerometer without attracting user attention. Accelerometer data can sure be collected in the background, without a clue.
Any script kiddie can do it on windows, but smartphones have a more robust approach to applications and permissions, that makes it even harder.
How Accelerometer is used as Keylogger [PDF whitepaper]
Using the 3-axis of the accelerometer, keylogger can be built with accuracy of upto 71.5%, on an average.
Every key has a unique “pitch, roll and yaw” fingerprint that can be identified absed on the sample data that had been compiled in advance. The data looks like the patterns below.
The accuracy actually depends on the sensitivity of the accelerometer, so it varies from device to device. Newer Android phone’s accelerometer have response times of the order of 30ms vs 110ms on older ones like Original Motorola Droid.
The motion of a smartphone during typing depends on several factors: 1) the striking force of the typing fin- ger; 2) the resistance force of the supporting hand; 3) the landing location of the typing finger; and 4) the location of the supporting hand on the smartphone. The first two factors mainly affect the shift of the phone, while the lat- ter two mainly affects the rotation. We observe that the first two factors likely depend on the user, while the lat- ter two are likely to be user-independent because (1) on each soft keyboard configuration, each key is at a fixed location, and (2) a user typically holds her smartphone in a consistent way. Therefore, we would like to extract the rotation components while filtering out the shift compo- nents from motion sensor data.
Achieving 71.5% accuracy, on average across all devices, for numpad keys is a good number to begin with.
TouchLogger performs even better on larger and newer devices like tablets, given that they have gyroscopes and better cameras.
Although this cannot be considered a bug in Android or any other smartphone, its sure is hardest to get rid of. Even by capturing numbers alone, enough private data about user can be collected.
The app would be demoed at HotSec in San Francisco next week.