hoodlum
MuscleHead
- Jan 3, 2012
- 903
- 172
I've been noticing more and more people posting and taking an interest in technology today and especially surveillance since Edward Snowden has put the government's black channel operations in to the spot light so I decided to make a short thread to show the potential threat which technology poses. Hopefully this thread will help to open some people's eyes on the power of technology and how powerful it can be as a surveillance tool. What I'm posting about isn't new, it was done in 2011 but still no known versions of this have been found 'in the wild' and honestly this type of thing would probably be innovative enough that Apple would 'codecheck' it themselves and not see anything wrong with the data being recorded, so you could expect this exact technology in popular App Store & Google Play legitimate applications without arising suspicion from the overseers.
All you have to do is put your phone on a table and it will capture all of your computer passwords!
What these researchers basically did was turn a smart phone (in this case an iPhone but the same concept translates perfectly to all high-end Androids) in to equipment that could keylog your computer and capture your passwords even if the two had never been connected or made contact! Instead of traditional methods they used the accelerometer to detect changes and were able to get 80% accuracy!
Abstract:
"Mobile phones are increasingly equipped with a range of highly responsive sensors. From cameras and GPS receivers to three-axis accelerometers, applications running on these devices are able to experience rich interactions with their environment. Unfortunately, some applications may be able to use such sensors to monitor their surroundings in unintended ways. In this paper, we demonstrate that an application with access to accelerometer readings on a modern mobile phone can use such information to recover text entered on a nearby keyboard. Note that unlike previous emanation recovery papers, the accelerometers on such devices sample at near the Nyquist rate, making previous techniques unworkable. Our application instead detects and decodes keystrokes by measuring the relative physical position and distance between each vibration. We then match abstracted words against candidate dictionaries and record word recovery rates as high as 80%. In so doing, we demonstrate the potential to recover significant information from the vicinity of a mobile device without gaining access to resources generally considered to be the most likely sources of leakage (e.g., microphone, camera)."
To quote Wired on how the program was designed:
As an example, the word “canoe” is made up of four keystroke pairs. These are: “C-A, A-N, N-O and O-E”. The code is translated by the program as Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far. This is compared to the dictionary (that has also been translated according to this code) and then suggests the most likely word. With a dictionary of around 58,000 words, the system has achieved word-detection rates as high as 80 percent. (http://www.wired.com/wiredscience/2011/10/iphone-keylogger-spying/)
Now you might think that 80% accuracy isn't good enough but I can assure you that is wrong, technology has evolved since then. They were using an iPhone 4 and with iPhone 5S being the current market leader there have been significant improvements in technology which would make this attack far more accurate. Along with that combining this with other attack methods like a brute force attack would mean that the time taken would be significantly reduced, a password normally taking 100 days to brute force could be cracked in as little as 16 hours. They could also combine their technology with similar microphone technology to improve accuracy drastically. A microphone takes around 44,000 samples per second compared to the accelerometer taking around 100 samples per second.
(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers
Original Paper: (Multiple links incase one goes dead)
http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf
http://www.cs.uml.edu/~xinwenfu/Cla...yboards using mobile phone accelerometers.pdf
Similar Research:
http://www.hotmobile.org/2012/papers/HotMobile12-final42.pdf
All you have to do is put your phone on a table and it will capture all of your computer passwords!
What these researchers basically did was turn a smart phone (in this case an iPhone but the same concept translates perfectly to all high-end Androids) in to equipment that could keylog your computer and capture your passwords even if the two had never been connected or made contact! Instead of traditional methods they used the accelerometer to detect changes and were able to get 80% accuracy!
Abstract:
"Mobile phones are increasingly equipped with a range of highly responsive sensors. From cameras and GPS receivers to three-axis accelerometers, applications running on these devices are able to experience rich interactions with their environment. Unfortunately, some applications may be able to use such sensors to monitor their surroundings in unintended ways. In this paper, we demonstrate that an application with access to accelerometer readings on a modern mobile phone can use such information to recover text entered on a nearby keyboard. Note that unlike previous emanation recovery papers, the accelerometers on such devices sample at near the Nyquist rate, making previous techniques unworkable. Our application instead detects and decodes keystrokes by measuring the relative physical position and distance between each vibration. We then match abstracted words against candidate dictionaries and record word recovery rates as high as 80%. In so doing, we demonstrate the potential to recover significant information from the vicinity of a mobile device without gaining access to resources generally considered to be the most likely sources of leakage (e.g., microphone, camera)."
To quote Wired on how the program was designed:
As an example, the word “canoe” is made up of four keystroke pairs. These are: “C-A, A-N, N-O and O-E”. The code is translated by the program as Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far. This is compared to the dictionary (that has also been translated according to this code) and then suggests the most likely word. With a dictionary of around 58,000 words, the system has achieved word-detection rates as high as 80 percent. (http://www.wired.com/wiredscience/2011/10/iphone-keylogger-spying/)
Now you might think that 80% accuracy isn't good enough but I can assure you that is wrong, technology has evolved since then. They were using an iPhone 4 and with iPhone 5S being the current market leader there have been significant improvements in technology which would make this attack far more accurate. Along with that combining this with other attack methods like a brute force attack would mean that the time taken would be significantly reduced, a password normally taking 100 days to brute force could be cracked in as little as 16 hours. They could also combine their technology with similar microphone technology to improve accuracy drastically. A microphone takes around 44,000 samples per second compared to the accelerometer taking around 100 samples per second.
(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers
Original Paper: (Multiple links incase one goes dead)
http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf
http://www.cs.uml.edu/~xinwenfu/Cla...yboards using mobile phone accelerometers.pdf
Similar Research:
http://www.hotmobile.org/2012/papers/HotMobile12-final42.pdf