
Get into the office, sit down at the computer and lay your cellphone on the desk 鈥 a ritual that millions play out every morning, but one that could reveal more than you expect. Security researchers have discovered they can detect the vibrations caused by using a computer keyboard and read off what is being typed simply by placing a smartphone with a keylogging app on the desk nearby.
and colleagues at the Georgia Institute of Technology in Atlanta were able to use the motion sensors inside an iPhone to read keystrokes from a keyboard 5聽centimetres away with up to 80 per cent accuracy.
The sensors don鈥檛 recognise the vibrations of particular individual keys, but for consecutive pairs of keystrokes they can tell whether the keys are on the left or right of the keyboard and how close together they are. This information is then matched to a dictionary to recreate the typed word. For example, the word 鈥渃anoe鈥 breaks down into four pairs: 鈥淐A鈥, 鈥淎N鈥, 鈥淣O鈥 and 鈥淥E鈥. The first pair is classified as left-left-near, the second is left-right-far, and so on.
Advertisement
The resulting patterns aren鈥檛 unique to a particular word, but they are good enough to reconstruct a message when you already know something about its contents. The team tested their algorithm on a dictionary of 799 words such as 鈥渕ayor鈥 and 鈥渂allot鈥 gathered from news articles about an election in Chicago. The algorithm provided its best guesses for matching patterns to words, identifying the correct word as a first guess 40 per cent of the time and as one of the top five guesses 80 per cent of the time. 鈥淐ontext can help us figure out what was really typed when mistakes are made,鈥 says Traynor 鈥 and a human attacker could fill in the blanks by making their own guesses.
Easy hacking
This kind of eavesdropping was already possible by monitoring the sound of typing, but apps are not normally allowed to access a handset鈥檚 microphone without the user鈥檚 permission. Motion sensors are less well protected, in part because it was assumed they couldn鈥檛 be used maliciously. That would make it easy for an attacker to hide a monitoring system inside an innocent-looking app. 鈥淭he sampling rate of the accelerometers is so low that, before this work, it was not clear that they could be used to capture this kind of valuable data,鈥 says Traynor.
It鈥檚 possible that manufacturers should revise their assessment, as motion sensors can also reveal what is being typed on the phone鈥檚 own keyboard. Until that happens, what can you do to protect yourself from snooping?
Traynor says it鈥檚 unlikely that this kind of attack will become common in mobile malware, but there is an easy fix if you鈥檙e worried: 鈥淥ne of the simplest protections is to move your phone over 2聽feet [60 centimetres] from the keyboard,鈥 he says, as the attack鈥檚 accuracy quickly drops off with distance. Another option would be to invest in a stone-topped desk, which would prevent vibrations from travelling.
, a computer scientist at the University of Cambridge, says the attack is an interesting idea but the need for a specifically tailored dictionary limits its usefulness. 鈥淚t puts the attack very much at the James Bond end of the spectrum,鈥 he says. 鈥淭his will require an expert spending an enormous amount of time tweaking things in order to get a result out.鈥