Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely

Undiscussed Horrific Abuse, One Victim of Many gmkarl at
Sun May 29 07:26:00 PDT 2022

WTG Kai Wang, this public research is incredible for EMSec .

this paper, which i sadly am not reading in depth, also engages
technological parts of the overall technique, such as wirelessly
identifying the screen refresh rate and the phone position and

paper does not consider public systems for observation of signals as a
the article mentions a potential scenario of putting an emitter
underside of a table, to interact with phones on top of the table.

i'm guessing this attack technique is designed for near-field effects,
and a more difficult technique building off this work would likely be
needed for larger distances.

GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
Kai Wang, Zhejiang University; Richard Mitev, Technical University of
Darmstadt; Chen Yan and Xiaoyu Ji, Zhejiang University; Ahmad-Reza
Sadeghi, Technical University of Darmstadt; Wenyuan Xu, Zhejiang

Capacitive touchscreens have become the primary human-machine
interface for personal devices such as smartphones and tablets. In
this paper, we present GhostTouch, the first active contactless attack
against capacitive touchscreens. GhostTouch uses electromagnetic
interference (EMI) to inject fake touch points into a touchscreen
without the need to physically touch it. By tuning the parameters of
the electromagnetic signal and adjusting the antenna, we can inject
two types of basic touch events, taps and swipes, into targeted
locations of the touchscreen and control them to manipulate the
underlying device. We successfully launch the GhostTouch attacks on
nine smartphone models. We can inject targeted taps continuously with
a standard deviation of as low as 14.6 x 19.2 pixels from the target
area, a delay of less than 0.5s and a distance of up to 40mm. We show
the real-world impact of the GhostTouch attacks in a few
proof-of-concept scenarios, including answering an eavesdropping phone
call, pressing the button, swiping up to unlock, and entering a
password. Finally, we discuss potential hardware and software
countermeasures to mitigate the attack.

More information about the cypherpunks mailing list