Researcher to demo hack for logging Android, iOS touchscreen movements

A flaw that allowed users to break through the passcode screen was eliminated in iOS 7.0.2.
The "touchlogging" attack method will be presented in detail at RSA Conference next month.

At next month's RSA Conference, a security researcher will demo a hack that could allow an attacker to capture all the touchscreen movements a user makes on their Android or iOS device.

According to Neal Hindocha, a senior security consultant at Trustwave, the “touchlogging” attack method “seems like the logical continuation of keylogging” – when saboteurs plant malware on victims' computers to track their keyboard movements and steal sensitive inputted data.

Hindocha developed the proof-of-concept, which works on jailbroken iOS devices as well as rooted and stock Android devices.

Once installed, the malware tracks where a user touches their screen, giving an attacker insight on logged passwords, usernames, banking information – and the list goes on.

The touchlogging attack also allows a saboteur to take screenshots of the victims' movements, which can create an even better picture of users' mobile activities.

In a Thursday email to SCMagazine.com, Hindocha said that “by taking screenshots and overlaying the X and Y coordinates on the screenshot, it is possible to see what the user is seeing, and [get] the information the user is inputting.”

He later spoke to some of the less obvious nuggets of information obtained by the malware, which became apparent to him throughout his research.

“One interesting aspect of this research is that initially, I thought the screenshot was a requirement to get something useful,” Hindocha wrote. “However, the more data I collect from my own phone, the more I realize that it is quite easy to determine certain patterns.”

One “pattern” was that a PIN or passcode was often the first thing to be inputted after a phone had been locked due to being idle, he said.

Hindocha made note of other mobile habits that could be of use to attackers.

“Swipe motions up and down tend to indicate someone reading email, and touch events mainly in the area where the keyboard is, is often an indication of text input. In fact, differentiating between entering passcodes, moving around the home screen, writing emails and playing games is often not difficult, when only looking at the touch events (X / Y coordinates),” he explained.

The touchlogger malware can be installed on a target device using the usual attack vectors: through third-party app stores, by connecting a mobile device to an infected computer or through network-based attacks (like through open Wi-Fi networks), Hindocha revealed.

The researcher plans to show at least two demos on the attack method, as well as reveal more details on the hack, at the RSA Conference in San Francisco on Feb. 26.

“The research began by looking at the Windows platform, [and] seeing how powerful certain malware could be when it included keylogging functionality,” Hindocha wrote. “I wanted to bring this over to mobile, to see if similar techniques could be used to bypass security implementations when touchscreens were used.”
