The sensors inside modern smart phones present a range of security threats. An attacker who compromises a phone can, for example, track the owner’s location by GPS, use the camera to see the phone’s surroundings, or turn on its microphone to record conversations.
At a conference in Chicago on Thursday, a group of computer researchers from Georgia Tech will report on another potential threat. The researchers have shown that the accelerometer and orientation sensor of a phone resting on a surface can be used to eavesdrop as a password is entered using a keyboard on the same surface. They were able to capture the words typed on the keyboard with as much as 80 percent accuracy.
“There is information that is being leaked, and of the hardware on your phone, the accelerometer is the one thing that no one ever worried about,” says Patrick Traynor, assistant professor in the school of computer science at Georgia Tech and a member of the research team. “No one thought that you could turn on the accelerometer and get any meaningful data.”
The accelerometer in the phone the researchers used samples only 100 times a second, so they did not have enough data to determine the exact keys struck. Instead, the researchers used the data from the accelerometer to determine whether key taps were on the right or left side of the keyboard and to gauge the delays between keystrokes. Using this information, they were able to figure out a list of potential keystroke pairs. The results were then compared with a 58,000-entry dictionary. They will present the work at the ACM Conference on Computer and Communications Security.
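To show how much a left/right observation alone narrows a dictionary, the following added example (not the researchers' code) groups words by the keyboard side of each keystroke pair and reports how many candidates remain. The left/right key split and the short word list are assumptions constructed for illustration, and the delays between keystrokes are ignored.

```python
from collections import defaultdict

# Assumption: a conventional touch-typing split of the QWERTY letter keys.
LEFT = set("qwertasdfgzxcvb")
RIGHT = set("yuiophjklnm")

# Constructed sample list standing in for the 58,000-entry dictionary.
WORDS = ["canal", "panel", "water", "tests", "great",
         "union", "onion", "hello", "world", "laptop"]


def side_profile(word):
    """Return the keyboard side of each consecutive keystroke pair.

    'canal' -> pairs ca, an, na, al -> ('LL', 'LR', 'RL', 'LR')
    """
    sides = []
    for ch in word.lower():
        if ch in LEFT:
            sides.append("L")
        elif ch in RIGHT:
            sides.append("R")
        else:
            raise ValueError(f"unsupported character: {ch!r}")
    return tuple(a + b for a, b in zip(sides, sides[1:]))


def candidate_sets(words):
    """Group dictionary words that share the same left/right profile."""
    groups = defaultdict(list)
    for w in words:
        groups[side_profile(w)].append(w)
    return groups


def candidates_for(word, words):
    """Words an observer could not tell apart from `word` by side alone."""
    return sorted(candidate_sets(words)[side_profile(word)])


def mean_candidates(words):
    """Average number of indistinguishable words per dictionary entry.

    A value of 1.0 means the profile identifies every word uniquely;
    larger values mean more ambiguity remains for the observer.
    """
    groups = candidate_sets(words)
    return sum(len(g) ** 2 for g in groups.values()) / len(words)


if __name__ == "__main__":
    for w in ("water", "union", "hello"):
        print(w, "->", candidates_for(w, WORDS))
    print("mean candidates per word:", mean_candidates(WORDS))
```

Words typed entirely on one side of the keyboard stay ambiguous with each other, while words that alternate sides are narrowed quickly.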