Smart enough are those who can figure out a number from the sounds of the phone dialer, but smarter are now the smartphones. They can reproduce what one types on the keyboard placed about 5 centimeters away. Thus now, change your habit of placing your phones on your tabletops along with the laptops.
Security researchers have found out that an app can be developed to sense the vibrations produced by pressing keys, which can be used by the key-log app in a smart phone placed nearby the keyboard to tell what was typed in. This is possible by using the motion sensor feature already available in smartphones such as iPhone etc.
As a matter of fact, a researcher and his team hailing from Georgia Institute of Technology in Atlanta has developed an iPhone app which could sense the key stroke vibrations and reproduce whatever was typed by the keyboard at a distance of 5 centimeters and with an accuracy as high as 80 percent.
The sensor cannot really discriminate between the individual keys, but they can make out the direction from which vibrations are coming in and how close different vibrations are. These directions are then correlated to a key pattern fed into the phone already, for instance, “CA”, “AN”, “NO”, “OE” is how the word “canoe” typed in was broken down by the app, and then directions specified as “left-left near” for “CA” and “left-right-far” for “OE” and so on.
The words cannot be recognized as they are actually typed in from these broken patterns, but they can provide a clue or a good guess if the context of writing is known. As the team, tested their app by typing in small words like “ballet” etc. for which they had used a dictionary of only about eight hundred words. The choices provided by the patterns to search for the actual word are the best guesses. Probability of guessing the correct word the very first time is as high as 40 percent, whereas as that of finding the right one in the top five guesses is 80 percent. The rest is left to the snooper to figure out, for which knowing the context of the typed material will be a great help.
As with the conventional dialing tones, this app was also possible to be built by using sound sensing feature of the mobiles, but considering it to be a dangerous for users’ security; developers didn’t allow apps to have an access to the phone’s microphone. Motion sensing feature wasn’t expected to be used maliciously thus it is less protected. But well, after this development, the developers will have to restrict access to this feature too. If not, the frail security settings will allow hackers to hide a whole monitoring system in the clothes of an innocent app.
Manufacturers will have to look into the matter of restricting access to the motion sensing feature as it can even sense what is typed into the phone by its own keypad. And if caught by hackers, users will not be able to stop the invasion on their privacy.
Patrick Traynor, the team lead, is of the opinion that such an attack is very unlikely to become common. But if in any case the thing itself bothers you, you can secure your information and stuff by following a couple of tips:
- Keep your laptops at a distance greater than 60 centimeters from any smart phone around. (sensing ability decreases with the distance, thus the further the better)
- Use a stone top desk as to restrict the vibrations from travelling around.
As reviewed by other computer scientist; the attacks are interesting but, the requirement of building a dictionary specifically for this purpose puts a limit to its usefulness. For now, the attack will only help special detectives and spies (like James Bond etc.) who could spend hours deciphering the patterns to obtain results.