Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
10-19-2011, 09:25 PM #1
iPhone As a Keylogger Tool is Possible
Ready for this one? A keylogger tool might be possible on an iPhone because of the accelerometer.
The iPhone, running the highly secured iOS operating system, is known for being rock solid (but that doesn't mean that it's not without its exploits, as jailbreak hackers Comex, Geohot, i0n1c, and many more have proven over the years). The operating system is as simple as it is complex and yet a couple of researchers from Georgia Tech report that they can use the iPhone's accelerometer to log keystrokes on keyboards that are within a few inches from the device. The accelerometer is the part of the device that helps distinguish the orientation of the device. It has been used for gaming in games such as Real Racing where you need to tilt the device in order to steer your car.
This shouldn't be confused with an actual iPhone keylogger. This technique will not record the keystrokes on your iPhone that you input, but it will cause the iPhone to be capable of being used as a tool for intercepting keystrokes on a device that is near the iPhone. This might be common if you like to plug your iPhone into your computer to let it charge. One of the researchers from Georgia Tech states that this technique works with more than that of the iPhone, but that it will also work with Android phones and other smartphones on the market. He goes on to clarify that as long as accelerometer manufacturers continue to refine and perfect their chips and technologies, the easier it is to make this attack work.
As it stands right now, the Georgia Tech researchers have only tested this on an iPhone. For this attack to work the user of the iPhone needs to unintentionally install an app which is made to record this keyboard information. Once they do that, it will start using the data that it receives from the accelerometer when the device is placed a few inches from the victim's keyboard. Another way for this to be made possible is for it to be built into an app that's made to do something else so that the malicious process can run in the background of, say, playing a game.
So how does it work? The secret lies in how close the device is to the keyboard that you are trying to compromise. The accelerometer is an extremely precise and sensitive piece. When you place the iPhone near a keyboard, for example on the desk right next to your keyboard or laptop, the accelerometer in the iPhone can kinetically recognize the vibrations that come from typing on a keyboard, "Every time you touch a key you create a physical vibration and it's recorded by the accelerometer in the phone" (Traynor). So in that case, you could lay your iPhone next to your kid's computer while they're logging into Facebook and suddenly you could have access to their Facebook account. But, so could a hacker. This information is currently only available to the researchers at Georgia Tech. Will they release it to app developers to make useful apps? Or will hackers find out about it and use it maliciously? Well, that's the big question.
The tests by the Georgia Tech researchers were done on two iPhones. One was the iPhone 3GS and one was the iPhone 4. The iPhone 3GS did terrible in recording keystrokes (probably because it didn't have the gyroscope). The iPhone 4 on the other hand was super accurate. So accurate, in fact, that it got the right keystroke results 80% of the time. That's pretty nice for just recording desk vibrations from a few inches away. The researchers go on to explain that the process is not simple; in fact, very complex. However it goes to show that there's a huge security problem with smartphone accelerometers. Just so that we are all on the same page, the researchers tell us that the iPhone does not need to be jailbroken for this hack to work. The app just needs to somehow be installed on the iPhone.
The researchers emphasize that they want accelerometer manufacturers and smartphone manufacturers to understand and prepare for these possible risks, and that is exactly why they performed these tests.
So what do you think? Leave a comment below!
Last edited by Anthony Bouchard; 10-20-2011 at 09:18 AM.
The Following User Says Thank You to Anthony Bouchard For This Useful Post:
10-19-2011, 09:33 PM #2
YIKES!!!!!! The capabilities of our iPhones and technology as a whole never ceases to amaze me!!! better watch random iDevices laying next to your macbook or porta-PC in university and or starbucks now!
Last edited by Rakim; 10-19-2011 at 09:35 PM.
10-19-2011, 10:15 PM #3
10-19-2011, 10:26 PM #4
How is it able to tell which key you press, it's not like each key on a keyboard is set up to make a different vibration
10-19-2011, 10:29 PM #5
10-19-2011, 10:46 PM #6
I could use this. Mahahaahhahahahahahahahahahahahahahahahhaahhahahah ahahahah
10-19-2011, 10:59 PM #7
This is nonsense. No vibrations are the same for two keyboards. You'd need to callibrate the iphone for every keyboard and surface its on. There are way too many variables to standardize such a technique. They probably tested this in a really controlled environment.
10-19-2011, 11:10 PM #8
- Join Date
- Jul 2010
- United States
- Thanked 2 Times in 1 Post
It has nothing to do with the type of keyboard from what I understand....it's all about the distance from *any* keyboard...if it's a few inches to the left of the keyboard, the vibration from the A key will be stronger than that of the L key. That along with how precise the accelerometer is will allow you to decipher the keys pressed. It's really quite fascinating.
Last edited by luketinsley; 10-19-2011 at 11:12 PM.
10-20-2011, 12:19 AM #9
Starlight Computer Wizardry
Follow me on twitter: @NetMage
10-20-2011, 12:27 AM #10
Also, we're not looking at 99+%, but only ~80% correct prediction rate. This cannot be reliably used as-is in incredibly sensitive (e.g., one-try logins) situations... Honestly, it's probably enough effort to get the whole thing working accurately enough that only high-level espionage firms and/or hackers would use it. I'd also anticipate that they would be going after things secured by more than a static password (that can be keylogged by far easier and/or more conventional methods).
10-20-2011, 12:58 AM #11
How would it work if I were walking and typing?
10-20-2011, 01:43 AM #12
Will this kind of thing affect iPhones that are not jailbroken? I'm thinking that if Apple can authorise an App that runs tethering in the background then something like this may also go unnoticed.
10-20-2011, 02:04 AM #13
I mean, gimme a break guys! The number of points of failure make this impossible for any practical purpose unless you are an agent of the CIA -- in which case you already have a good bag full of tricks to gather intel that are much more reliable.
10-20-2011, 03:41 AM #14
10-20-2011, 05:19 AM #15
That's not going to happen. I work in the field of robotics and automated systems, It have a lot of variables so it can be possible. A lot of things can influence the gyroscope around that iPhone, air, noises, voices, frequencies, just the simple movement of the mouse or keyboard, all of those things and more cause vibrations. If you tell me that maybe with the camera can detect the movement or keyboard due to one specified pattern, ok maybe I can believe it, but with the gyroscope just detecting vibrations... naaaah I got to see that by myself. How it can detect the vibration on one specific key, ok like I read in someone post here, each key have his own vibration, just pressing that key with strength or harder can affect the detection, if it is possible I need to say.
10-20-2011, 05:41 AM #16
"However it goes to show that there's a huge security problem...The app just needs to somehow be installed on the iPhone." How can you say there is a HUGE security problem and then say the app needs to be SOMEHOW installed? To install an app someone would need to know your iTunes password first, and if they have that then you are already doomed.
10-20-2011, 06:11 AM #17
10-20-2011, 07:13 AM #18
10-20-2011, 07:33 AM #19
I'm fairly sure Geohot never spelled his name with a number 0 in it.
10-20-2011, 07:45 AM #20