Computer Security: Your iPhone as a key-logger

In the past, we have repeatedly elaborated on the computer security risk of using smartphones. Today, something new for the paranoid: did you know your smart phone can be used to spy on your PC’s keyboard?! 

 

In fact, the tiny accelerometer, gyroscope and orientation sensors that your smartphone uses to determine its tilt and movements can also determine the letters you type on your computer. Thus, it acts as a hardware “key-logger”! It only requires your smartphone to be put close to your computer keyboard and to run a corresponding, malicious app. The rest is done by the highly precise sensors which can record keyboard vibrations and subsequently the letters you type. In a dedicated study, students of the Georgia Tech College of Computing were able to decipher complete sentences with up to 80 percent accuracy using an iPhone*. In a nice twist, the same feature can also be used to “to infer the occurrence of tap events on the touchscreen as well as the tapped positions on the touchscreen”.

But don't worry yet! So far these highly targeted attacks have never been used against CERN. However, this does not mean that your iPhone (or your Android phone) is an innocent little gadget. On the contrary: It is a full-blown pocket PC which needs to be taken care of properly. Update it regularly and be careful when installing additional apps, as some malicious apps are known to infect smart phones (see our articles “iPhones, Androids, and history repeating” and “Is your Android running a temperature?”). Other apps are quite greedy and forward much too much of your personal information stored on your phone - for example, your location, address book and local data - to their data centre for further aggregation, analysis and, presumably, future marketing (more in “Smartphone lost - Privacy gone”).


* Alternatively, wireless keyboards emit sufficient information to reconstruct your key strokes...


Check out our website for further information, answers to your questions and help, or e-mail Computer.Security@cern.ch.

If you want to learn more about computer security incidents and issues at CERN, just follow our Monthly Report.


Access the entire collection of Computer Security articles here.

by Computer Security Team