iPhone Accelerometer May Be Susceptible to Keylogger Attack

Security is something that is never far from a smartphone owner’s mind. After all, these little computers, be they of the iOS, Android, or other variety, contain the keys to our lives.

Just think about the kind of information you keep on your iPhone; the kinds of passwords you enter as a matter of routine. Gmail passwords, Paypal passwords, your bank’s internet banking details: it all goes through your iPhone.

According to new research by the Georgia Institute of Technology, it’s possible that all these keystrokes could be logged, and all thanks to your iPhone’s accelerometer. But before you rush out to change all your passwords, it’s worth checking out just what such a keylogging attack would entail…

The magic happens thanks to your iPhone’s accelerometer. Yes, that sensor that tells your iPhone which direct it is facing could actually be helping people to steal your data, but it’s not quite as simple as that.

According to Patrick Traynor, assistant professor in Georgia Tech’s School of Computer Science, in order for the attack to work, an iPhone (or other smartphone, for that matter) would need to be within a few inches of a computer’s keyboard, and the logging software would need to be active ont he device being attacked.

But how, assuming those two rather unlikely occurrences do coincide with each other, does this attack work?

Magic, of course:

“When the iPhone is positioned within a few inches of a computer keyboard, it can kinetically capture the keyboard’s physical vibration. The attack method has so far shown an 80 percent success rate, says Traynor. “Every time you touch a key you create a physical vibration and it’s recorded by the accelerometer in the phone.”

Yes, you read that right. The vibration created by your pressing on your iPhone actually creates a slight vibration, which is then registered by the built-in accelerometer. The vibration itself helps the software to pinpoint where on the screen the user tapped, and hence, which keys were pressed.

Of course, this may technically be possible, but it’s more likely someone will either guess your weak passwords, or just steal your iPhone. Traynor himself admits the attack is not a trivial matter, but that the research does serve as a proof of concept.

As interesting as this is, we won’t be losing any sleep over it just yet.