Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Evil third-party screens on smartphones are able to see all that you poke

Of course researchers added machine learning to the mix too

Smartphone hackers can glean secrets by analysing touchscreen user interactions, according to new research.

Boffins from Ben-Gurion University in Israel have shown it's possible to impersonate a user by tracking touch movements on smartphones with compromised third-party touchscreens, whether they're sending emails, conducting financial transactions or even playing games.

The research provides a new spin on what was already a recognised threat. Broken smartphone touchscreens are often switched with aftermarket third-party components that have been found to have malicious code embedded.

"Our research objective was to use machine learning to determine the amount of high-level context information the attacker can derive by observing and predicting the user's touchscreen interactions," said Dr Yossi Oren, a researcher in the BGU Department of Software and Information Systems Engineering. "If an attacker can understand the context of certain events, he can use the information to create a more effective customized attack."

The researchers recorded 160 touch interaction sessions from users running many different applications. Using a series of questions and games, the researchers employed machine learning to determine stroke velocity, duration and stroke intervals on specially modified LG Nexus Android phones.

The team said the machine learning results demonstrated an accuracy rate of 92 per cent.

"Now that we have validated the ability to obtain high-level context information based on touch events alone, we recognize that touch injection attacks are a more significant potential threat," Dr Oren added. "Using this analysis defensively, we can also stop attacks by identifying anomalies in a user's typical phone use and deter unauthorized or malicious phone use."

David Rogers, a mobile IoT specialist and lecturer in software engineering at the University of Oxford, told El Reg: "I think it is a legitimate avenue for attack if somewhat convoluted. We did some work on secure UI and extraction of screen memory at OMTP [Open Mobile Terminal Platform]."

Dr Oren's findings were presented at the Second International Symposium on Cybersecurity, Cryptography and Machine Learning (CSCML) on June 21-22 in Beer-Sheva, Israel. The researchers include BGU undergraduate students Moran Azaran, Niv Ben-Shabat, and Tal Shkonik. ®

 

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like