Can iPhone’s accelerometer be used to spy on your keystrokes?

19 Oct 2011

Researchers at Georgia Tech have succeeded in turning the iPhone into a spy phone. The team has discovered that a hacker could use an iPhone placed inches from your keyboard to track what you’re typing.

The research team discovered a smartphone accelerometer could sense keyboard vibrations and decipher complete sentences with up to 80pc accuracy.

“We first tried our experiments with an iPhone 3GS, and the results were difficult to read,” said Patrick Traynor, assistant professor in Georgia Tech’s School of Computer Science.

“But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack.”

According to the team, a typical smartphone’s microphone samples vibration roughly 44,000 times per second, while even newer phones’ accelerometers sample just 100 times per second — two full orders of magnitude less often.

The technique works through probability and by detecting pairs of keystrokes, rather than individual keys.

It models “keyboard events” in pairs, then determines whether the pair of keys pressed is on the left versus right side of the keyboard, and whether they are close together or far apart.

After the system has determined these characteristics for each pair of keys pressed, it compares the results against a preloaded dictionary, each word of which has been broken down along the same measurements (i.e., whether the letters are left/right and near/far on a standard QWERTY keyboard). The technique only works reliably on words of three or more letters.

For example, take the word “canoe,” which when typed breaks down into four keystroke pairs: “C-A, A-N, N-O and O-E.” Those pairs then translate into the detection system’s code as follows: Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far, or LLN-LRF-RRF-RLF.

This code is then compared to the preloaded dictionary and yields “canoe” as the statistically probable typed word. Working with dictionaries comprising about 58,000 words, the system reached word-recovery rates as high as 80pc.
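The pair encoding and dictionary comparison described above can be reproduced in a few lines. This is an added illustration, not the researchers' code. It assumes an unstaggered QWERTY grid, a conventional touch-typing left/right split and a "near" limit of three key widths (chosen so that the article's "canoe" example comes out as stated), and it uses a small constructed word list. It also shows why the result is only "statistically probable": several words can share one code.

```python
import math
from collections import defaultdict

# Assumed layout model: unstaggered QWERTY grid, one unit per key.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (x, y) for y, row in enumerate(ROWS) for x, ch in enumerate(row)}
LEFT = set("qwertasdfgzxcvb")  # assumed left-hand half of the keyboard
NEAR_LIMIT = 3.0               # assumed: under 3 key widths counts as "near"


def side(ch):
    """Return 'L' or 'R' for the keyboard half a letter sits on."""
    return "L" if ch in LEFT else "R"


def encode(word):
    """Break a word into keystroke pairs and return its code, e.g. 'LLN-LRF'."""
    word = word.lower()
    unknown = [ch for ch in word if ch not in POS]
    if unknown:
        raise ValueError(f"not a letter key: {unknown[0]!r}")
    parts = []
    for a, b in zip(word, word[1:]):
        distance = math.dist(POS[a], POS[b])
        parts.append(side(a) + side(b) + ("N" if distance < NEAR_LIMIT else "F"))
    return "-".join(parts)


def build_index(words):
    """Map each pair code to every dictionary word that produces it."""
    index = defaultdict(list)
    for word in words:
        if len(word) >= 3:  # the article: reliable only for 3+ letters
            index[encode(word)].append(word)
    return index


def candidates(code, index):
    """Return the dictionary words whose code matches the observed one."""
    return index.get(code, [])


# Constructed sample dictionary (the study used about 58,000 words).
SAMPLE_WORDS = ["canoe", "table", "gable", "cable", "sable", "it", "phone"]

if __name__ == "__main__":
    index = build_index(SAMPLE_WORDS)
    for word in ("canoe", "cable", "table"):
        code = encode(word)
        print(f"{word}: {code} -> {candidates(code, index)}")
```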

“The way we see this attack working is that you, the phone’s owner, would request or be asked to download an innocuous-looking application, which doesn’t ask you for the use of any suspicious phone sensors,” said Henry Carter, a PhD student in computer science and one of the study’s co-authors.

“Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening.”

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
