DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 21, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 70 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

Android Trojan steals passports via the motion sensor

Posted on Wednesday, April 25 2012 @ 09:25:31 CEST by


ARS Technica reports computer scientists have devised a way to capture passwords on Android by interpreting movements via a devices' motion sensor. Access to the motion sensor is available without restriction in Android, so the researchers came up with a way to exploit this weakness and published TapLogger, a proof-of-concept Trojan that monitors readings returned by a phone's accelerometer, gyroscope and orientation sensors:
TapLogger, as their proof-of-concept application for phones running Google's Android operating system is called, masquerades as a benign game that challenges the end user to identify identical icons from a collection of similar-looking images. In the background, the trojan monitors readings returned by the phone's built-in accelerometer, gyroscope, and orientation sensors to infer phone numbers and other digits entered into the device. This then surreptitiously uploads them to a computer under the control of the attackers.

Based in part on a similar smartphone keylogger called TouchLogger demonstrated last year, TapLogger exploits a design weakness in Android that allows all installed apps free access to motion sensor readings. Because similar permission systems are found in Research in Motion's Blackberry OS, there's nothing stopping similar apps from targeting Blackberries according to researchers (Jailbroken iOS devices are also vulnerable.)

"The fundamental problem here is that sensing is unmanaged on existing smartphone platforms," Zhi Xu, a PhD candidate in the Pennsylvania State University's Department of Computer Science and Engineering, wrote in an email to Ars. "TapLogger shows that those unmanaged 'insensitive sensors' can really be used to infer very sensitive user information (e.g. passwords and PIN numbers). Inspired by TapLogger, we believe that more and more sensor-based attackers will be introduced in the near future."




 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba