Using only a smartphone, hackers can listen to what is being written with remarkable precision and access their personal information.
According to researchers at the Southern Methodist University (SMU) based in Dallas, it is possible to access your information in a more subtle way: by using a nearby smartphone to intercept the sound of your writing.
The team of the Darwin Deason Institute of Cybersecurity of SMU discovered that the acoustic signals, or sound waves, produced when we type on the keyboard of a computer can be successfully captured by a smartphone.
It is now possible for hackers to decode what a person is writing on their phone by directing a spying application to the device. What this spying application does is that it takes the microscope of the phone and uses it to detect the sound waves generated by touching the fingers on the touch screens of smartphones. This sound-based attack can not only recover passwords and PIN codes, but also can obtain individual letters and, ultimately, whole words. Such malware can passively exist on a smartphone, within a downloaded application, infected with malware.
This amazing revelation was based on a study by researchers at the University of Cambridge and the Linköping University of Sweden. According to this study, first reported by the Wall Street Journal, the sound waves of writing on a phone can be intercepted and decoded with sophisticated ease as the user of the device marks all accessibility permissions of the application. The researchers say: “Many applications request this permission and most of us blindly accept the list of required permits.”
Sounds intercepted by the phone can be processed, allowing an expert hacker to decipher which keys were pressed and what they were typing.
The researchers were able to decode much of what was being written using common keyboards and smartphones, even in a noisy conference room full of the sounds of other people writing and conversing.
“We were able to learn what people write with a word accuracy rate of 41 percent. And we can extend that, above 41 percent, if we look, say, the 10 main words of what we think it could be, “said Eric C. Larson, an assistant professor in the Computer Department of SMU Lyle School.
It can take only a couple of seconds to get information about what you are writing, said lead author Mitch Thornton, professor of electrical and computer engineering, in an article published in Interactive, Mobile, Wearable and Ubiquitous Technologies.
“Based on what we found, I believe that smartphone manufacturers will have to go back to the drawing board and make sure they are improving the privacy with which people have access to these sensors on a smartphone,” Larson said.
There are many types of sensors in smartphones that make the phone know its orientation and detect when it is sitting still at a table or when they carry it in someone’s pocket.
“Some sensors require the user to give permission to turn them on, but many of them are always on,” Thornton said.
“We use sensors that are always on, so all we had to do was develop a new application that would process the sensor’s output to predict the key pressed by a typist.”
“An attacker would need to know the type of table material,” Larson said, because different tables create different sound waves when he writes. For example, a wooden table like the one used in this study sounds different from someone writing on a metal table.