• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • iPhone As a Keylogger Tool is Possible

    Ready for this one? A keylogger tool might be possible on an iPhone because of the accelerometer.

    The iPhone, running the highly secured iOS operating system, is known for being rock solid (but that doesn't mean that it's not without its exploits, as jailbreak hackers Comex, Geohot, i0n1c, and many more have proven over the years). The operating system is as simple as it is complex and yet a couple of researchers from Georgia Tech report that they can use the iPhone's accelerometer to log keystrokes on keyboards that are within a few inches from the device. The accelerometer is the part of the device that helps distinguish the orientation of the device. It has been used for gaming in games such as Real Racing where you need to tilt the device in order to steer your car.

    This shouldn't be confused with an actual iPhone keylogger. This technique will not record the keystrokes on your iPhone that you input, but it will cause the iPhone to be capable of being used as a tool for intercepting keystrokes on a device that is near the iPhone. This might be common if you like to plug your iPhone into your computer to let it charge. One of the researchers from Georgia Tech states that this technique works with more than that of the iPhone, but that it will also work with Android phones and other smartphones on the market. He goes on to clarify that as long as accelerometer manufacturers continue to refine and perfect their chips and technologies, the easier it is to make this attack work.

    As it stands right now, the Georgia Tech researchers have only tested this on an iPhone. For this attack to work the user of the iPhone needs to unintentionally install an app which is made to record this keyboard information. Once they do that, it will start using the data that it receives from the accelerometer when the device is placed a few inches from the victim's keyboard. Another way for this to be made possible is for it to be built into an app that's made to do something else so that the malicious process can run in the background of, say, playing a game.

    So how does it work? The secret lies in how close the device is to the keyboard that you are trying to compromise. The accelerometer is an extremely precise and sensitive piece. When you place the iPhone near a keyboard, for example on the desk right next to your keyboard or laptop, the accelerometer in the iPhone can kinetically recognize the vibrations that come from typing on a keyboard, "Every time you touch a key you create a physical vibration and it's recorded by the accelerometer in the phone" (Traynor). So in that case, you could lay your iPhone next to your kid's computer while they're logging into Facebook and suddenly you could have access to their Facebook account. But, so could a hacker. This information is currently only available to the researchers at Georgia Tech. Will they release it to app developers to make useful apps? Or will hackers find out about it and use it maliciously? Well, that's the big question.

    The tests by the Georgia Tech researchers were done on two iPhones. One was the iPhone 3GS and one was the iPhone 4. The iPhone 3GS did terrible in recording keystrokes (probably because it didn't have the gyroscope). The iPhone 4 on the other hand was super accurate. So accurate, in fact, that it got the right keystroke results 80% of the time. That's pretty nice for just recording desk vibrations from a few inches away. The researchers go on to explain that the process is not simple; in fact, very complex. However it goes to show that there's a huge security problem with smartphone accelerometers. Just so that we are all on the same page, the researchers tell us that the iPhone does not need to be jailbroken for this hack to work. The app just needs to somehow be installed on the iPhone.

    The researchers emphasize that they want accelerometer manufacturers and smartphone manufacturers to understand and prepare for these possible risks, and that is exactly why they performed these tests.

    So what do you think? Leave a comment below!

    Sources: NetworkWorld
    This article was originally published in forum thread: iPhone As a Keylogger Tool is Possible started by Anthony Bouchard View original post
    Comments 27 Comments
    1. iBwizzle's Avatar
      iBwizzle -
      I have "KeyLogger" installed on my iPhone 4. When ever my girl_friend ask to use my iPhone I toggle on the "KBLogger" from Mobile Substrate Add-ons in SBSettings.
    1. havoc0351's Avatar
      havoc0351 -
      Quote Originally Posted by Rakim View Post
      YIKES!!!!!! The capabilities of our iPhones and technology as a whole never ceases to amaze me!!! better watch random iDevices laying next to your macbook or porta-PC in university and or starbucks now!
      +1 I'll definitely be on the lookout now for random people around me that are too close for comfort... oh wait, I already do.
    1. Adrian232's Avatar
      Adrian232 -
      Quote Originally Posted by RandyTG View Post
      "However it goes to show that there's a huge security problem...The app just needs to somehow be installed on the iPhone." How can you say there is a HUGE security problem and then say the app needs to be SOMEHOW installed? To install an app someone would need to know your iTunes password first, and if they have that then you are already doomed.
      Well, actually, the concern here is that it would just require that the software is installed. You're forgetting about viruses, trojans, etc. The iPhone, while it may be very secure, is not immune to these. In fact all of the "untethered jailbreaks" that get released exploit a vulnerability in the iPhone to install the jailbreak software. So if that were used in a more malicious fashion, then installing an app on someone's iPhone would be the easiest part of the process.

      However, once your iPhone locks or you switch apps, all the app activity would cease anyway. So it's a neat concept, but the rest of the process would be too difficult to be practical (at least on an iPhone).
    1. Raeki's Avatar
      Raeki -
      This sounds a bit far fetched...I can't really imagine an iPhone's accelometer being that precise, especially one after daily use and a few drops. Even so, the vibrations range depending on the material of the surface, and also depending on the keyboard you may have the smash the keys to get any vibration on the desk.Not to mention, unless the iPhone is placed perfectly in a pre-set location, you would need to calibrate it if it's off angle. Plus, what if someone is tapping their fingers?I am skeptical that an iphone placed on my desk right now would pick up any of the vibrations from my keyboard. I mean, I gues I'm arguing the legitimacy of this, but my gues is that they're testing on some very controlled surface; something that REALLY vibrates, someone typing relatively hard, with nothing else on the table, the iPhone pre-callibrated and right smack up to the computer.Cool, but I"ll have to see it working to convince me this is really practicle
    1. Mlitz69's Avatar
      Mlitz69 -
      Quote Originally Posted by KraXik View Post
      How would it work if I were walking and typing?
      How would u walk while typing on a pc keyboard?
    1. Anthony Bouchard's Avatar
      Anthony Bouchard -
      Quote Originally Posted by Raeki View Post
      This sounds a bit far fetched...I can't really imagine an iPhone's accelometer being that precise, especially one after daily use and a few drops. Even so, the vibrations range depending on the material of the surface, and also depending on the keyboard you may have the smash the keys to get any vibration on the desk.Not to mention, unless the iPhone is placed perfectly in a pre-set location, you would need to calibrate it if it's off angle. Plus, what if someone is tapping their fingers?I am skeptical that an iphone placed on my desk right now would pick up any of the vibrations from my keyboard. I mean, I gues I'm arguing the legitimacy of this, but my gues is that they're testing on some very controlled surface; something that REALLY vibrates, someone typing relatively hard, with nothing else on the table, the iPhone pre-callibrated and right smack up to the computer.Cool, but I"ll have to see it working to convince me this is really practicle
      This isn't a theory. They've done it numerous times in their studies. It's been proven and they've taken note of that before releasing the information to the public.
    1. Co1d Night's Avatar
      Co1d Night -
      Must test this for myself. Going to start finding the name of the program that'll do it. If anything, my iPod would do it.