They say hackers could use a smartphone accelerometer to sense keyboard vibrations and decipher complete sentences with up to 80 percent accuracy.
“We first tried our experiments with an iPhone 3GS, and the results were difficult to read,” says assistant professor Patrick Traynor.
“But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack.”
The technique works through probability and by detecting pairs of keystrokes, rather than individual keys. It models ‘keyboard events’ in pairs, then determines whether the pair of keys pressed is on the left or the right side of the keyboard, and whether they’re close together or far apart.
It then compares the results against a preloaded dictionary, each word of which has been broken down by similar measurements. The technique only works reliably on words of three or more letters.
For example, the word ‘canoe’ breaks down into four keystroke pairs: C-A, A-N, N-O and O-E. These translate into the detection system’s code as Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far.
When this code is compared to the preloaded dictionary, it gives ‘canoe’ as the most statistically probable typed word.
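The pair encoding and dictionary lookup described above can be sketched in a few lines. This is an added example, not code from the study: the key grid, the left/right split, the three-key "near" limit and the sample word list are assumptions chosen so that 'canoe' encodes as in the article, and the lookup is an exact match rather than the study's probabilistic one. It takes the per-pair labels as given and does not touch sensor data.

```python
from collections import defaultdict
from math import hypot

# Assumed QWERTY grid: each key gets (column, row); row stagger is ignored.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (col, row) for row, keys in enumerate(ROWS) for col, ch in enumerate(keys)}

LEFT_MAX_COL = 4   # assumption: columns 0-4 (q..t, a..g, z..b) count as "left"
NEAR_LIMIT = 3.0   # assumption: keys under 3 key widths apart count as "near"

def side(ch):
    """Return 'L' or 'R' for the keyboard half a letter sits on."""
    return "L" if POS[ch][0] <= LEFT_MAX_COL else "R"

def pair_code(a, b):
    """Encode one keystroke pair as side + side + Near/Far, e.g. 'LLN'."""
    (ax, ay), (bx, by) = POS[a], POS[b]
    dist = "N" if hypot(ax - bx, ay - by) < NEAR_LIMIT else "F"
    return side(a) + side(b) + dist

def word_profile(word):
    """Break a word into consecutive letter pairs and encode each pair."""
    w = word.lower()
    return tuple(pair_code(a, b) for a, b in zip(w, w[1:]))

def build_index(words):
    """Preload the dictionary: map each profile to the words that share it."""
    index = defaultdict(list)
    for w in words:
        index[word_profile(w)].append(w)
    return index

def candidates(index, observed):
    """Return every dictionary word whose profile equals the observed codes."""
    return sorted(index.get(tuple(observed), []))

# Constructed sample dictionary (not from the study).
SAMPLE_WORDS = ["canoe", "cable", "to", "so", "do", "go", "an"]
INDEX = build_index(SAMPLE_WORDS)

if __name__ == "__main__":
    print(word_profile("canoe"))
    print(candidates(INDEX, ["LLN", "LRF", "RRF", "RLF"]))
    # Two-letter words yield a single pair, so many of them collide.
    print(candidates(INDEX, ["LRF"]))
```

In this sample the four-pair profile identifies one word, while the single pair Left-Right-Far matches five different two-letter words, which is consistent with the technique being reliable only on words of three or more letters.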
“The way we see this attack working is that you, the phone’s owner, would request or be asked to download an innocuous-looking application, which doesn’t ask you for the use of any suspicious phone sensors,” says PhD student Henry Carter.
“Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening.”
The attack is not too difficult to avoid: the study found an effective range of just three inches from a keyboard. Another option would be to add a layer of security for phone accelerometers.
“The likelihood of someone falling victim to an attack like this right now is pretty low,” says Traynor. “This was really hard to do. But could people do it if they really wanted to? We think yes.”