Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely
Undiscussed Horrific Abuse, One Victim of Many
gmkarl at gmail.com
Sun May 29 07:26:00 PDT 2022
WTG Kai Wang, this public research is incredible for EMSec .
this paper, which i sadly am not reading in depth, also engages
technological parts of the overall technique, such as wirelessly
identifying the screen refresh rate and the phone position and
orientation.
paper does not consider public systems for observation of signals as a
countermeasure.
the article mentions a potential scenario of putting an emitter
underside of a table, to interact with phones on top of the table.
i'm guessing this attack technique is designed for near-field effects,
and a more difficult technique building off this work would likely be
needed for larger distances.
https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai
GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
Authors:
Kai Wang, Zhejiang University; Richard Mitev, Technical University of
Darmstadt; Chen Yan and Xiaoyu Ji, Zhejiang University; Ahmad-Reza
Sadeghi, Technical University of Darmstadt; Wenyuan Xu, Zhejiang
University
Abstract:
Capacitive touchscreens have become the primary human-machine
interface for personal devices such as smartphones and tablets. In
this paper, we present GhostTouch, the first active contactless attack
against capacitive touchscreens. GhostTouch uses electromagnetic
interference (EMI) to inject fake touch points into a touchscreen
without the need to physically touch it. By tuning the parameters of
the electromagnetic signal and adjusting the antenna, we can inject
two types of basic touch events, taps and swipes, into targeted
locations of the touchscreen and control them to manipulate the
underlying device. We successfully launch the GhostTouch attacks on
nine smartphone models. We can inject targeted taps continuously with
a standard deviation of as low as 14.6 x 19.2 pixels from the target
area, a delay of less than 0.5s and a distance of up to 40mm. We show
the real-world impact of the GhostTouch attacks in a few
proof-of-concept scenarios, including answering an eavesdropping phone
call, pressing the button, swiping up to unlock, and entering a
password. Finally, we discuss potential hardware and software
countermeasures to mitigate the attack.
More information about the cypherpunks
mailing list