Proof-of-Concept Android Trojan Uses Motion Sensors To Steal Passwords 105
Posted
by
Soulskill
from the for-when-normal-keylogging-is-just-too-precise dept.
from the for-when-normal-keylogging-is-just-too-precise dept.
judgecorp writes "TapLogger, a proof-of-concept Trojan for Android developed by resarchers at Pennsylvania State University and IBM, uses information from the phone's motion sensor to deduce what keys the user has tapped (PDF), thus revealing otherwise-hidden information such as passwords and PINs."
Well, that's pretty clever (Score:5, Informative)
According to TFA, the idea is actually somebody else's and previously published. This is an extension of the idea that uses a training phase, presumably a part of the Trojan where the user interacts with the phone for benign reasons (perhaps playing a game or entering data for a legitimate purpose) that it uses to calibrate the correlation between taps and the accelerometers.
It's pretty clever. Presumably, it can be defeated by refusing to allow background apps to have access to the sensors, though I can imagine applications where you want to allow that kind of thing (pedometers, for example).