HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
Seriously? Smartphones being used to record and decipher what you are typing on your keyboard? I'm not saying this story is BS, but I am definitely skeptical.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Smartphones Can Spy on Keyboards to Record Your Passwords
- Thread starter HardOCP News
- Start date
DoubleTap
2[H]4U
- Joined
- Dec 16, 2010
- Messages
- 2,990
I absolutely do not believe this.
Phone type, distance from keyboard, desk material, and vibrations from other activities seem more than likely to introduce enough variation in the vibration patterns to make this virtually impossible.
Under the most ideal conditions, in a controlled environment where you could tweak and monitor every aspect, you might be able to glean some information, but the idea of a phone trojan being able to capture this in a totally unknown environment - I would call that as close to impossible as you can get.
Phone type, distance from keyboard, desk material, and vibrations from other activities seem more than likely to introduce enough variation in the vibration patterns to make this virtually impossible.
Under the most ideal conditions, in a controlled environment where you could tweak and monitor every aspect, you might be able to glean some information, but the idea of a phone trojan being able to capture this in a totally unknown environment - I would call that as close to impossible as you can get.
There's nothing to see here - the variables are ridiculous.
For those that didn't read the article (don't bother), it "works" by using the accelerometer to guess roughly what area of the keyboard was pressed. From there it comes up with a pair of "probable" letters. Then it compares all the probable letter combinations against a dictionary. So if whatever you are typing is not in the dictionary it's impossible for it to identify what you are typing.
In other words it's completely useless for anything like passwords, usernames, email addresses, account numbers, slang, abbreviations, smileys, and anything else that won't be in the dictionary. It is also probably baffled by numbers, punctuation, ambient bumps and vibrations, arrow keys, backspaces, shifted characters, and much more. Also, as noted above, typos will throw the whole thing off. So a password like "gr33n366s&H@m" would stump it. Even a password like "p@ssworD" would stump it.
I thought it would be something cooler like using the wifi and bluetooth radios to eavesdrop on wireless keyboards.
For those that didn't read the article (don't bother), it "works" by using the accelerometer to guess roughly what area of the keyboard was pressed. From there it comes up with a pair of "probable" letters. Then it compares all the probable letter combinations against a dictionary. So if whatever you are typing is not in the dictionary it's impossible for it to identify what you are typing.
In other words it's completely useless for anything like passwords, usernames, email addresses, account numbers, slang, abbreviations, smileys, and anything else that won't be in the dictionary. It is also probably baffled by numbers, punctuation, ambient bumps and vibrations, arrow keys, backspaces, shifted characters, and much more. Also, as noted above, typos will throw the whole thing off. So a password like "gr33n366s&H@m" would stump it. Even a password like "p@ssworD" would stump it.
I thought it would be something cooler like using the wifi and bluetooth radios to eavesdrop on wireless keyboards.
I think the concept and theory is sound. The software on the phone could account for being left/right of the keyboard, sense relative distance from each key based on intensity of the vibration, etc. I'd be really interested in seeing this tested in a real-world environment, though.
And, of course, in order to be of any use to a ne'er-do-well, the target would have to have the app installed and running on their phone, so that provides at least some barrier to entry.
And, of course, in order to be of any use to a ne'er-do-well, the target would have to have the app installed and running on their phone, so that provides at least some barrier to entry.
and there lies the danger. We here at the [H] know better to use easy passwords. Everyone else is likely to use dictionary words. That's why this research is important.
That's another reason (besides it always mistyping) I hate these virtual keyboards. Never like them, always prefer a slideout too, but now we are almost forced to if we upgrade these days ):
Anyways.... I think its a big issue because what stops a hacker (a good one who innovates new viruses) from making a 2nd "virtual" keyboard on top of yours? What I mean is like a virtual keyboard logger, that users would never be able to tell the difference.... get what I'm saying? What prevents a hacker from putting a virtual key log keyboard on your smartphone? If people would download a virus app (unbeknownst to them), what would stop the virus from manipulating the look of a real virtual keyboard on your screen?
Anyways.... I think its a big issue because what stops a hacker (a good one who innovates new viruses) from making a 2nd "virtual" keyboard on top of yours? What I mean is like a virtual keyboard logger, that users would never be able to tell the difference.... get what I'm saying? What prevents a hacker from putting a virtual key log keyboard on your smartphone? If people would download a virus app (unbeknownst to them), what would stop the virus from manipulating the look of a real virtual keyboard on your screen?
DeathPrincess
Fully [H]
- Joined
- May 15, 2010
- Messages
- 18,205
Finally a reason to get a dvorak keyboard? 