Hackers have caused many instances of data spills by brute-force attacks and malware that enters into the target systems disguised as executable codes, scripts and active content. But now, they have a subtler software that could directly infect a mobile phone’s innate accessory to glean sensitive information like passwords and pin codes.
It is now possible for hackers to decode what a person is typing on his phone by directing a spying app to the device. What this spying app does is that it takes over the phone’s microscope and uses it to sense sound waves generated by the tapping of fingers on smartphone touch screens. Not only can this sound-based attack recover passwords and pin codes but they can also glean individual letters and ultimately, whole words. Such a malware can passively exist in a smartphone, inside a downloaded app, infected with malware.
This shocking revelation was based on a study by researchers at Cambridge University and Sweden’s Linköping University. According to this study, first reported by Wall Street Journal, sound waves from typing on a phone can be intercepted and decoded with sophisticated ease as the device user ticks off all the app accessibility permissions. Researchers say, “Many apps ask for this permission and most of us blindly accept the list of demanded permissions anyway.”
To demonstrate the premise, the researchers set up a machine-learning algorithm that could decrypt vibrations for particular keystrokes. They conducted several tests gauging 45 people who were allotted phones, that came pre-installed with this malware. According to the paper, the experiment ran on an Android application that enabled participants to enter letters and words on two LG Nexus 5 phones and Nexus 9 tablet. The participants in the study were asked to enter passwords at three locations at a university with different levels of background noise: a common room equipped with a working coffee machine, a library and a reading room with computers.
As the participants tapped in their passwords, the app recorded the audio through devices’ built-in microphones. These mics could pick up the wave’s distortions that are characteristic to the tap’s location on the screen and infer the text being entered on the device.
The research suggested safeguarding methods to keep a check against hacks on this nature; like installing a switch that would allow a user to switch off a microphone manually, or a few software tweaks so that would allow the user to know whenever the microphone is being used in the background, by a notifying flashing light of an icon.
Original Source: https://in.mashable.com/tech/3956/hackers-can-now-steal-your-password-by-listening-to-how-you-type-on-your-phone