DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
October 22, 2019 
Main Menu
News archives

Who's Online
There are currently 166 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

Android Trojan steals passports via the motion sensor

Posted on Wednesday, April 25 2012 @ 09:25:31 CEST by

ARS Technica reports computer scientists have devised a way to capture passwords on Android by interpreting movements via a devices' motion sensor. Access to the motion sensor is available without restriction in Android, so the researchers came up with a way to exploit this weakness and published TapLogger, a proof-of-concept Trojan that monitors readings returned by a phone's accelerometer, gyroscope and orientation sensors:
TapLogger, as their proof-of-concept application for phones running Google's Android operating system is called, masquerades as a benign game that challenges the end user to identify identical icons from a collection of similar-looking images. In the background, the trojan monitors readings returned by the phone's built-in accelerometer, gyroscope, and orientation sensors to infer phone numbers and other digits entered into the device. This then surreptitiously uploads them to a computer under the control of the attackers.

Based in part on a similar smartphone keylogger called TouchLogger demonstrated last year, TapLogger exploits a design weakness in Android that allows all installed apps free access to motion sensor readings. Because similar permission systems are found in Research in Motion's Blackberry OS, there's nothing stopping similar apps from targeting Blackberries according to researchers (Jailbroken iOS devices are also vulnerable.)

"The fundamental problem here is that sensing is unmanaged on existing smartphone platforms," Zhi Xu, a PhD candidate in the Pennsylvania State University's Department of Computer Science and Engineering, wrote in an email to Ars. "TapLogger shows that those unmanaged 'insensitive sensors' can really be used to infer very sensitive user information (e.g. passwords and PIN numbers). Inspired by TapLogger, we believe that more and more sensor-based attackers will be introduced in the near future."



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba