

Thread: iPhone As a Keylogger Tool is Possible

  1. #1
    iPhone As a Keylogger Tool is Possible

    Ready for this one? A keylogger tool might be possible on an iPhone because of the accelerometer.

    The iPhone, running the highly secured iOS operating system, is known for being rock solid (but that doesn't mean that it's not without its exploits, as jailbreak hackers Comex, Geohot, i0n1c, and many more have proven over the years). The operating system is as simple as it is complex and yet a couple of researchers from Georgia Tech report that they can use the iPhone's accelerometer to log keystrokes on keyboards that are within a few inches from the device. The accelerometer is the part of the device that helps distinguish the orientation of the device. It has been used for gaming in games such as Real Racing where you need to tilt the device in order to steer your car.

    This shouldn't be confused with an actual iPhone keylogger. This technique will not record the keystrokes on your iPhone that you input, but it will cause the iPhone to be capable of being used as a tool for intercepting keystrokes on a device that is near the iPhone. This might be common if you like to plug your iPhone into your computer to let it charge. One of the researchers from Georgia Tech states that this technique works with more than that of the iPhone, but that it will also work with Android phones and other smartphones on the market. He goes on to clarify that as long as accelerometer manufacturers continue to refine and perfect their chips and technologies, the easier it is to make this attack work.

    As it stands right now, the Georgia Tech researchers have only tested this on an iPhone. For this attack to work the user of the iPhone needs to unintentionally install an app which is made to record this keyboard information. Once they do that, it will start using the data that it receives from the accelerometer when the device is placed a few inches from the victim's keyboard. Another way for this to be made possible is for it to be built into an app that's made to do something else so that the malicious process can run in the background of, say, playing a game.

    So how does it work? The secret lies in how close the device is to the keyboard that you are trying to compromise. The accelerometer is an extremely precise and sensitive piece. When you place the iPhone near a keyboard, for example on the desk right next to your keyboard or laptop, the accelerometer in the iPhone can kinetically recognize the vibrations that come from typing on a keyboard, "Every time you touch a key you create a physical vibration and it's recorded by the accelerometer in the phone" (Traynor). So in that case, you could lay your iPhone next to your kid's computer while they're logging into Facebook and suddenly you could have access to their Facebook account. But, so could a hacker. This information is currently only available to the researchers at Georgia Tech. Will they release it to app developers to make useful apps? Or will hackers find out about it and use it maliciously? Well, that's the big question.

    The tests by the Georgia Tech researchers were done on two iPhones. One was the iPhone 3GS and one was the iPhone 4. The iPhone 3GS did terribly in recording keystrokes (probably because it didn't have the gyroscope). The iPhone 4 on the other hand was super accurate. So accurate, in fact, that it got the right keystroke results 80% of the time. That's pretty nice for just recording desk vibrations from a few inches away. The researchers go on to explain that the process is not simple; in fact, very complex. However, it goes to show that there's a huge security problem with smartphone accelerometers. Just so that we are all on the same page, the researchers tell us that the iPhone does not need to be jailbroken for this hack to work. The app just needs to somehow be installed on the iPhone.

    The researchers emphasize that they want accelerometer manufacturers and smartphone manufacturers to understand and prepare for these possible risks, and that is exactly why they performed these tests.

    So what do you think? Leave a comment below!

    Sources: NetworkWorld
    Last edited by Anthony Bouchard; 10-20-2011 at 10:18 AM.

  3. #2
    Certified KeyboardSmasher Rakim's Avatar

    What's next?!?
    YIKES!!!!!! The capabilities of our iPhones and technology as a whole never cease to amaze me!!! Better watch random iDevices lying next to your MacBook or porta-PC in university and/or Starbucks now!
    Last edited by Rakim; 10-19-2011 at 10:35 PM.

  4. #3
    My iPhone is a Part of Me Mr. Russian's Avatar

    Wow, this is incredibly powerful and it could be used for good and bad, but I bet it would mostly be used for bad.

  5. #4
    How is it able to tell which key you press? It's not like each key on a keyboard is set up to make a different vibration.

  6. #5
    Quote Originally Posted by The Maestro View Post
    How is it able to tell which key you press? It's not like each key on a keyboard is set up to make a different vibration.
    The further away the key is, the less powerful the vibration will be. It's EXTREMELY precise. Plus with 80% accuracy, I don't doubt its abilities.
    Last edited by Anthony Bouchard; 10-19-2011 at 11:32 PM.

  7. #6
    I could use this. Mahahaahhahahahahahahahahahahahahahahahhaahhahahah ahahahah
    (Dr. Evil)

  8. #7
    This is nonsense. No vibrations are the same for two keyboards. You'd need to calibrate the iPhone for every keyboard and surface it's on. There are way too many variables to standardize such a technique. They probably tested this in a really controlled environment.

  9. #8
    Green Apple luketinsley's Avatar
    Quote Originally Posted by JacquesChirac View Post
    This is nonsense. No vibrations are the same for two keyboards. You'd need to calibrate the iPhone for every keyboard and surface it's on. There are way too many variables to standardize such a technique. They probably tested this in a really controlled environment.

    It has nothing to do with the type of keyboard from what I understand....it's all about the distance from *any* keyboard...if it's a few inches to the left of the keyboard, the vibration from the A key will be stronger than that of the L key. That along with how precise the accelerometer is will allow you to decipher the keys pressed. It's really quite fascinating.
    Last edited by luketinsley; 10-20-2011 at 12:12 AM.

  10. #9
    Quote Originally Posted by JacquesChirac View Post
    This is nonsense. No vibrations are the same for two keyboards. You'd need to calibrate the iPhone for every keyboard and surface it's on. There are way too many variables to standardize such a technique. They probably tested this in a really controlled environment.
    I think it would be simple enough, after getting a large enough sample, to compute radial distances for the sample, map a QWERTY keyboard to it and produce the likely text. So a password wouldn't be enough, but type a letter and you're done. It is like any other cryptographic exercise - letter frequencies give you clues, combined with a general model of expected response to key taps.

  11. #10
    Super Galactic Moderator Orby's Avatar

    Quote Originally Posted by JacquesChirac View Post
    This is nonsense. No vibrations are the same for two keyboards. You'd need to calibrate the iPhone for every keyboard and surface it's on. There are way too many variables to standardize such a technique. They probably tested this in a really controlled environment.
    It's an incredibly unorthodox (and brilliant) side-channel attack. Sure it cannot be standardized--but if it's used in a serious attempt to extract a password being typed on a keyboard in a hostile environment... I'm assuming someone who has the resources to physically part someone from their phone, install this software, and return the phone undetected can also get a rough idea of vibration levels for a particular keyboard, desk, etc. The attacker probably has done enough reconnaissance to know where the person keeps the phone on their desk to account for that as well.

    Also, we're not looking at 99+%, but only ~80% correct prediction rate. This cannot be reliably used as-is in incredibly sensitive (e.g., one-try logins) situations... Honestly, it's probably enough effort to get the whole thing working accurately enough that only high-level espionage firms and/or hackers would use it. I'd also anticipate that they would be going after things secured by more than a static password (that can be keylogged by far easier and/or more conventional methods).

  12. #11
    Livin the iPhone Life KraXik's Avatar

    How would it work if I were walking and typing?

  13. #12
    iPhone? More like MyPhone mwr_allen's Avatar

    Will this kind of thing affect iPhones that are not jailbroken? I'm thinking that if Apple can authorise an App that runs tethering in the background then something like this may also go unnoticed.

  14. #13
    Quote Originally Posted by Orby View Post
    It's an incredibly unorthodox (and brilliant) side-channel attack. Sure it cannot be standardized--but if it's used in a serious attempt to extract a password being typed on a keyboard in a hostile environment... I'm assuming someone who has the resources to physically part someone from their phone, install this software, and return the phone undetected can also get a rough idea of vibration levels for a particular keyboard, desk, etc. The attacker probably has done enough reconnaissance to know where the person keeps the phone on their desk to account for that as well.
    Or I could just set up a hidden camera to capture their strokes on video. That's a lot cheaper and easier to do.

    I mean, gimme a break guys! The number of points of failure makes this impossible for any practical purpose unless you are an agent of the CIA -- in which case you already have a good bag full of tricks to gather intel that are much more reliable.

  15. #14
    Quote Originally Posted by Adrian232 View Post
    Or I could just set up a hidden camera to capture their strokes on video. That's a lot cheaper and easier to do.

    I mean, gimme a break guys! The number of points of failure makes this impossible for any practical purpose unless you are an agent of the CIA -- in which case you already have a good bag full of tricks to gather intel that are much more reliable.
    1+





  16. #15
    Livin the iPhone Life javiert30's Avatar

    That's not going to happen. I work in the field of robotics and automated systems. It has a lot of variables so it can be possible. A lot of things can influence the gyroscope around that iPhone: air, noises, voices, frequencies, just the simple movement of the mouse or keyboard; all of those things and more cause vibrations. If you tell me that maybe with the camera it can detect the movement or keyboard due to one specified pattern, OK, maybe I can believe it, but with the gyroscope just detecting vibrations... naaaah, I've got to see that for myself. How can it detect the vibration on one specific key? OK, like I read in someone's post here, each key has its own vibration; just pressing that key with strength or harder can affect the detection, if it is possible, I need to say.

  17. #16
    My iPhone is a Part of Me RandyTG's Avatar

    "However it goes to show that there's a huge security problem...The app just needs to somehow be installed on the iPhone." How can you say there is a HUGE security problem and then say the app needs to be SOMEHOW installed? To install an app someone would need to know your iTunes password first, and if they have that then you are already doomed.

  18. #17
    Quote Originally Posted by Adrian232 View Post
    Or I could just set up a hidden camera to capture their strokes on video. That's a lot cheaper and easier to do.

    I mean, gimme a break guys! The number of points of failure makes this impossible for any practical purpose unless you are an agent of the CIA -- in which case you already have a good bag full of tricks to gather intel that are much more reliable.
    I dunno about you, but I normally put my phone flat on a table..

  19. #18
    Quote Originally Posted by RandyTG View Post
    "However it goes to show that there's a huge security problem...The app just needs to somehow be installed on the iPhone." How can you say there is a HUGE security problem and then say the app needs to be SOMEHOW installed? To install an app someone would need to know your iTunes password first, and if they have that then you are already doomed.
    Jailbreak can be done very quickly aka jailbreakme (maybe?) in iOS 5.0 and through Cydia you could install anything. Even with the cable, I don't think redsn0w needs any passwords to run?

  20. #19
    I'm fairly sure Geohot never spelled his name with a number 0 in it.

  21. #20
    Quote Originally Posted by Kariodude View Post
    I'm fairly sure Geohot never spelled his name with a number 0 in it.
    +1

    Google: geohot
    About 3,690,000 results (0.07 seconds)

    Google: geoh0t
    About 5,380 results (0.07 seconds)
    Last edited by raduga; 10-20-2011 at 09:28 AM.
