Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely
WTG Kai Wang, this public research is incredible for EMSec. this paper, which i sadly am not reading in depth, also engages technological parts of the overall technique, such as wirelessly identifying the screen refresh rate and the phone position and orientation. paper does not consider public systems for observation of signals as a countermeasure. the article mentions a potential scenario of putting an emitter on the underside of a table, to interact with phones on top of the table. i'm guessing this attack technique is designed for near-field effects, and a more difficult technique building off this work would likely be needed for larger distances.

https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai

GhostTouch: Targeted Attacks on Touchscreens without Physical Touch

Authors: Kai Wang, Zhejiang University; Richard Mitev, Technical University of Darmstadt; Chen Yan and Xiaoyu Ji, Zhejiang University; Ahmad-Reza Sadeghi, Technical University of Darmstadt; Wenyuan Xu, Zhejiang University

Abstract: Capacitive touchscreens have become the primary human-machine interface for personal devices such as smartphones and tablets. In this paper, we present GhostTouch, the first active contactless attack against capacitive touchscreens. GhostTouch uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it. By tuning the parameters of the electromagnetic signal and adjusting the antenna, we can inject two types of basic touch events, taps and swipes, into targeted locations of the touchscreen and control them to manipulate the underlying device. We successfully launch the GhostTouch attacks on nine smartphone models. We can inject targeted taps continuously with a standard deviation of as low as 14.6 x 19.2 pixels from the target area, a delay of less than 0.5s and a distance of up to 40mm. We show the real-world impact of the GhostTouch attacks in a few proof-of-concept scenarios, including answering an eavesdropping phone call, pressing the button, swiping up to unlock, and entering a password. Finally, we discuss potential hardware and software countermeasures to mitigate the attack.

participants (2)
- jim bell
- Undiscussed Horrific Abuse, One Victim of Many