Ready for this one? A keylogger tool might be possible on an iPhone because of the accelerometer.
The iPhone, running the highly secured iOS operating system, is known for being rock solid (but that doesn't mean that it's not without its exploits, as jailbreak hackers Comex, Geohot, i0n1c, and many more have proven over the years). The operating system is as simple as it is complex and yet a couple of researchers from Georgia Tech report that they can use the iPhone's accelerometer to log keystrokes on keyboards that are within a few inches from the device. The accelerometer is the part of the device that helps distinguish the orientation of the device. It has been used for gaming in games such as Real Racing
where you need to tilt the device in order to steer your car.
This shouldn't be confused with an actual iPhone keylogger. This technique will not record the keystrokes on your iPhone that you input, but it will cause the iPhone to be capable of being used as a tool for intercepting keystrokes on a device that is near the iPhone. This might be common if you like to plug your iPhone into your computer to let it charge. One of the researchers from Georgia Tech states that this technique works with more than that of the iPhone, but that it will also work with Android phones and other smartphones on the market. He goes on to clarify that as long as accelerometer manufacturers continue to refine and perfect their chips and technologies, the easier it is to make this attack work.
As it stands right now, the Georgia Tech researchers have only tested this on an iPhone. For this attack to work the user of the iPhone needs to unintentionally install an app which is made to record this keyboard information. Once they do that, it will start using the data that it receives from the accelerometer when the device is placed a few inches from the victim's keyboard. Another way for this to be made possible is for it to be built into an app that's made to do something else so that the malicious process can run in the background of, say, playing a game.
So how does it work? The secret lies in how close the device is to the keyboard that you are trying to compromise. The accelerometer is an extremely precise and sensitive piece. When you place the iPhone near a keyboard, for example on the desk right next to your keyboard or laptop, the accelerometer in the iPhone can kinetically recognize the vibrations that come from typing on a keyboard, "Every time you touch a key you create a physical vibration and it's recorded by the accelerometer in the phone" (Traynor). So in that case, you could lay your iPhone next to your kid's computer while they're logging into Facebook and suddenly you could have access to their Facebook account. But, so could a hacker. This information is currently only available to the researchers at Georgia Tech. Will they release it to app developers to make useful apps? Or will hackers find out about it and use it maliciously? Well, that's the big question.
The tests by the Georgia Tech researchers were done on two iPhones. One was the iPhone 3GS and one was the iPhone 4. The iPhone 3GS did terrible in recording keystrokes (probably because it didn't have the gyroscope). The iPhone 4 on the other hand was super accurate. So accurate, in fact, that it got the right keystroke results 80% of the time. That's pretty nice for just recording desk vibrations from a few inches away. The researchers go on to explain that the process is not simple; in fact, very complex. However it goes to show that there's a huge security problem with smartphone accelerometers. Just so that we are all on the same page, the researchers tell us that the iPhone does not need to be jailbroken for this hack to work. The app just needs to somehow be installed on the iPhone.
The researchers emphasize that they want accelerometer manufacturers and smartphone manufacturers to understand and prepare for these possible risks, and that is exactly why they performed these tests.
So what do you think? Leave a comment below!