Stealth game steals info from Android sensors

Apr 24, 2012 by Nancy Owano report
The attack overview

(Phys.org) -- No joke. A proof-of-concept application for phones running Android pretends to be a fun challenge asking the user to identify identical icons from a bunch of images. All the while the app monitors sensors to identify user information such as PINs and SS numbers. In brief, you are looking at a Trojan that can track what you type into your phone using your phone's motion sensors. The Trojan’s final feat is uploading the info on to the attacker’s controlled computer. The sensor-snooping app is called TapLogger and it was designed to prove a point: Android has yet another security design weakness that allows installed apps free access to motion sensor readings.

In the case of the rogue game, it picks up the phone‘s accelerometer, gyroscope, and orientation to infer digits entered into the device. Attackers would not directly get your keystrokes, but they would get the screen area where you tapped, and reference that with how that lines up with the digital keyboard. Ars Technica details how it works: “By logging the precise changes along three dimensions—azimuth, pitch, and roll—the makes educated guesses about the touchscreen regions that were tapped to generate the orientation changes. TapLogger then maps those regions to the user interface of the screenlock or dial pad of a specific Android phone.”

To crack a four-digit PIN using information from TapLogger, a thief can narrow the number of tries to 81 with an average of a 100-percent chance of success. Using TapLogger to crack a six-digit PIN generates a search space of 729 likely combinations with an average success rate of 80 percent.

The team from Pennsylvania State University and IBM who designed the Trojan app are Zhi Xu, a PhD candidate at PSU, Kun Bai, a researcher at IBM and Sencun Zhu, an associate professor at PSU. They presented their paper, “TapLogger: Inferring User Inputs On Smartphone Touchscreens Using On-board ” to the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks in Tucson, Arizona, which ran from April 16 to April 18.

If mobile sensors are the next big thing for the mobile device industry to pursue as new features, mobile sensors will also be the next big area for security thieves to exploit. The problem, say the researchers, is that thieves may get a head start toward an easy target. “While the applications relying on mobile sensing are booming, the security and privacy issues related to such applications are not well understood yet,” say the paper’s authors. “People are still unaware of potential risks of unmanaged sensors on smartphones. To prevent such types of attacks, we see an urgent need for sensing management systems on the existing commodity smartphone platforms.”

In implementing TapLogger as an Android application, the proof-of-concept app did not require any security permission to access the accelerometer and orientation sensors. While the team worked up an Android application, Android may not be the only platform at issue.“The fundamental problem here,” Zhi Xu told Ars Technica, “is that sensing is unmanaged on existing smartphone platforms." iOS devices are not vulnerable to such attacks, unless they are jailbroken. The authors did not discuss on-board sensors in Blackberry devices but they said,”We will address it in our future work.”

Explore further: Tecnalia designs an app to help elderly people get around on public transport

More information: Research paper: www.cse.psu.edu/~szhu/papers/taplogger.pdf

Related Stories

Android mug shots have no lock and key

Mar 04, 2012

(PhysOrg.com) -- If Google loyalists will persist that this Internet Goliath can do no evil, they at least need to admit, based on new evidence this week, that Google can do a lot of mindless harm. A security ...

WalkSafe app shields smartphone pedestrians (w/ video)

Nov 28, 2011

(PhysOrg.com) -- Smartphone users who as pedestrians are not very smart about crossing and looking both ways now have a protective shield in the form of an Android app which they can download for free. A research ...

Android users get malware with their apps

Mar 02, 2011

(PhysOrg.com) -- As new platforms make their way into the market there will always someone who is looking to exploit them for illegal or unethical ends. More proof of that fact has come today when Google was ...

What is the price of free?

Mar 06, 2012

Scientists from the Computer Laboratory at Cambridge University have designed a method to improve privacy control in the Android apps market. The method reaches a balance between the need for developer’s ...

Recommended for you

Google worker shows early-draft glimpse of Chrome OS

Jul 20, 2014

The Chrome OS is in for a future look. Athena, a Chromium OS project, will bring forth the new Chrome OS user experience. Google's François Beaufort on Friday, referring to the screenshot he posted, said," ...

Google eyes Chrome on Windows laptop battery drain

Jul 19, 2014

Google Chrome on Microsoft Windows has been said to have a problem for some time but this week comes news that Google will give it the attention others think the problem quite deserves. Namely, Google is to ...

User comments : 15

Adjust slider to filter visible comments by rank

Display comments: newest first

VitalStatistic63
5 / 5 (2) Apr 24, 2012
A couple of workarounds to combat this...

You could minimise the sensor data by pressing your phone onto a flat hard surface before entering your pin.

Apps asking for pin numbers could put up a randomised number pad with the numbers not in their normal positions and different layouts each time.
Skepticus
2.6 / 5 (7) Apr 24, 2012
I guess in every mega company there is a secret basement department staffed with geeks whose job is to find and engineer demonstrable weaknesses of competitor's products, to torpedo their market shares. Perfectly legal, and making economic sense.
jonnyboy
1 / 5 (1) Apr 24, 2012
nice work a***oles, do you also tell your kids about Santa?
nkalanaga
not rated yet Apr 24, 2012
And if every company does it, sooner or later, the flaws in their own products will also be revealed. Thus, it also makes consumer sense.
Irukanji
1 / 5 (2) Apr 24, 2012
Apps asking for pin numbers could put up a randomised number pad with the numbers not in their normal positions and different layouts each time.


They should, and a few online games also do that, mainly to prevent automated bots but also to prevent people looking over your shoulder and seeing what number you put in
Valentiinro
not rated yet Apr 25, 2012
Apps asking for pin numbers could put up a randomised number pad with the numbers not in their normal positions and different layouts each time.


They should, and a few online games also do that, mainly to prevent automated bots but also to prevent people looking over your shoulder and seeing what number you put in


My bank does something like that for passwords. The pin is still keyboard activated, but there's also an additional password mode when you log in with some random numbers and letters and you need to click the ones to spell out your password.
Eric_B
not rated yet Apr 25, 2012
"it also makes consumer sense."

buy more and be happy!
Kedas
not rated yet Apr 25, 2012
It just proves that the open market needs a 'safe to use apps' certificate and the ability of android to set application rights to use sensors.
zz6549
not rated yet Apr 25, 2012
The fundamental problem is that Android doesn't require permission to access sensors the same way it requires permission to access GPS, to use the vibrator motor, to access the camera, etc.

Correcting this problem is technically very easy; the only challenge will be backwards compatibility with existing applications, which is probably why Google hasn't fixed this yet.
NeutronicallyRepulsive
5 / 5 (4) Apr 25, 2012
Wait.. what about Santa?
Kedas
5 / 5 (1) Apr 25, 2012
Wait.. what about Santa?

He was going to get you a new Android phone, now he is not sure anymore.
hsvt
not rated yet Apr 26, 2012
More important Google should allow the Android user to install a Firewall!

It is now impossible to root one!?

The only reason Google doesn't allow this, is money?
antialias_physorg
not rated yet Apr 29, 2012
nice work a***oles, do you also tell your kids about Santa?

The alternative is to go for 'security by obscurity' - which is the worst possible security mechanism.

There are people out there who will want to use anything they can get their hands on for profit. Better to expose weaknesses in the system than to wait until they do.

My solution: Don't get a smartphone. They're overpriced gadgets chock full of useless 'apps'. Get a phone.
Graeme
not rated yet Apr 29, 2012
You could probably get the same situation with the microphone and camera. Even a magnetic compass may sense metal moving with the finger typing. I guess the password entry applications should just disable all inputs and other running background apps.
kaasinees
1 / 5 (1) Apr 29, 2012
@hsvt its not google that disallows rooting, they even release a special phone that is easy to root.
Its the phone carriers that protect against rooting for legal reasons.
Your phone has a limited cell tower communication law. You carrier is not liable because they prtoect against rooting.