Stealth game steals info from Android sensors

Stealth game steals info from Android sensors
The attack overview

(Phys.org) -- No joke. A proof-of-concept application for phones running Android pretends to be a fun challenge asking the user to identify identical icons from a bunch of images. All the while the app monitors sensors to identify user information such as PINs and SS numbers. In brief, you are looking at a Trojan that can track what you type into your phone using your phone's motion sensors. The Trojan’s final feat is uploading the info on to the attacker’s controlled computer. The sensor-snooping app is called TapLogger and it was designed to prove a point: Android has yet another security design weakness that allows installed apps free access to motion sensor readings.

In the case of the rogue game, it picks up the phone‘s accelerometer, gyroscope, and orientation to infer digits entered into the device. Attackers would not directly get your keystrokes, but they would get the screen area where you tapped, and reference that with how that lines up with the digital keyboard. Ars Technica details how it works: “By logging the precise changes along three dimensions—azimuth, pitch, and roll—the makes educated guesses about the touchscreen regions that were tapped to generate the orientation changes. TapLogger then maps those regions to the user interface of the screenlock or dial pad of a specific Android phone.”

To crack a four-digit PIN using information from TapLogger, a thief can narrow the number of tries to 81 with an average of a 100-percent chance of success. Using TapLogger to crack a six-digit PIN generates a search space of 729 likely combinations with an average success rate of 80 percent.

The team from Pennsylvania State University and IBM who designed the Trojan app are Zhi Xu, a PhD candidate at PSU, Kun Bai, a researcher at IBM and Sencun Zhu, an associate professor at PSU. They presented their paper, “TapLogger: Inferring User Inputs On Smartphone Touchscreens Using On-board ” to the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks in Tucson, Arizona, which ran from April 16 to April 18.

If mobile sensors are the next big thing for the mobile device industry to pursue as new features, mobile sensors will also be the next big area for security thieves to exploit. The problem, say the researchers, is that thieves may get a head start toward an easy target. “While the applications relying on mobile sensing are booming, the security and privacy issues related to such applications are not well understood yet,” say the paper’s authors. “People are still unaware of potential risks of unmanaged sensors on smartphones. To prevent such types of attacks, we see an urgent need for sensing management systems on the existing commodity smartphone platforms.”

In implementing TapLogger as an Android application, the proof-of-concept app did not require any security permission to access the accelerometer and orientation sensors. While the team worked up an Android application, Android may not be the only platform at issue.“The fundamental problem here,” Zhi Xu told Ars Technica, “is that sensing is unmanaged on existing smartphone platforms." iOS devices are not vulnerable to such attacks, unless they are jailbroken. The authors did not discuss on-board sensors in Blackberry devices but they said,”We will address it in our future work.”


Explore further

Android Security Alert: Trojan GGTracker subscribes users to premium SMS services

More information: Research paper: www.cse.psu.edu/~szhu/papers/taplogger.pdf

© 2012 Phys.Org

Citation: Stealth game steals info from Android sensors (2012, April 24) retrieved 18 October 2019 from https://phys.org/news/2012-04-stealth-game-info-android-sensors.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
0 shares

Feedback to editors

User comments

Apr 24, 2012
A couple of workarounds to combat this...

You could minimise the sensor data by pressing your phone onto a flat hard surface before entering your pin.

Apps asking for pin numbers could put up a randomised number pad with the numbers not in their normal positions and different layouts each time.

Apr 24, 2012
I guess in every mega company there is a secret basement department staffed with geeks whose job is to find and engineer demonstrable weaknesses of competitor's products, to torpedo their market shares. Perfectly legal, and making economic sense.

Apr 24, 2012
Apps asking for pin numbers could put up a randomised number pad with the numbers not in their normal positions and different layouts each time.


They should, and a few online games also do that, mainly to prevent automated bots but also to prevent people looking over your shoulder and seeing what number you put in

Apr 25, 2012
Apps asking for pin numbers could put up a randomised number pad with the numbers not in their normal positions and different layouts each time.


They should, and a few online games also do that, mainly to prevent automated bots but also to prevent people looking over your shoulder and seeing what number you put in


My bank does something like that for passwords. The pin is still keyboard activated, but there's also an additional password mode when you log in with some random numbers and letters and you need to click the ones to spell out your password.

Apr 25, 2012
"it also makes consumer sense."

buy more and be happy!

Apr 25, 2012
It just proves that the open market needs a 'safe to use apps' certificate and the ability of android to set application rights to use sensors.

Apr 25, 2012
The fundamental problem is that Android doesn't require permission to access sensors the same way it requires permission to access GPS, to use the vibrator motor, to access the camera, etc.

Correcting this problem is technically very easy; the only challenge will be backwards compatibility with existing applications, which is probably why Google hasn't fixed this yet.

Apr 25, 2012
Wait.. what about Santa?

Apr 25, 2012
Wait.. what about Santa?

He was going to get you a new Android phone, now he is not sure anymore.

Apr 26, 2012
More important Google should allow the Android user to install a Firewall!

It is now impossible to root one!?

The only reason Google doesn't allow this, is money?

Apr 29, 2012
nice work a***oles, do you also tell your kids about Santa?

The alternative is to go for 'security by obscurity' - which is the worst possible security mechanism.

There are people out there who will want to use anything they can get their hands on for profit. Better to expose weaknesses in the system than to wait until they do.

My solution: Don't get a smartphone. They're overpriced gadgets chock full of useless 'apps'. Get a phone.

Apr 29, 2012
You could probably get the same situation with the microphone and camera. Even a magnetic compass may sense metal moving with the finger typing. I guess the password entry applications should just disable all inputs and other running background apps.

Apr 29, 2012
@hsvt its not google that disallows rooting, they even release a special phone that is easy to root.
Its the phone carriers that protect against rooting for legal reasons.
Your phone has a limited cell tower communication law. You carrier is not liable because they prtoect against rooting.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more