My cell phone is currently laying right next to my computer as I write this post on yet another way to be hacked. Could it know what I'm writing?
According a study conducted by Patrick Traynor at Georgia Tech, it can. Motion sensors inside some phones are able to feel the vibrations from typing, which Traynor and his colleagues were able to match to the words that were typed with 80 percent accuracy. They had to have sort of context as to the topic to achieve this accuracy.
Before everyone who is reading this chucks their smartphones away from their desk, know that this capability would first require your phone to be hacked, which it probably hasn't been.
New Scientist reports University of Cambridge computer scientist Markus Kuhn as putting this sort of attack in the "James Bond" category right now, but Traynor said these sorts of attacks could become more prevalent with a rise in mobile malware:
"This will require an expert spending an enormous amount of time tweaking things in order to get a result out," [Kuhn said.]
PC World has more:
"The way we see this attack working is that you, the phone's owner, would request or be asked to download an innocuous-looking application, which doesn't ask you for the use of any suspicious phone sensors," said Henry Carter, a PhD student in computer science and one of the study's co-authors. "Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening."
According to New Scientist, Traynor and his colleagues at Georgia Tech put an iPhone with a key logging app 5 centimeters (about two inches) away from the computer. PC World reports the researchers found the sensors couldn't tell exactly which key was clicked, but they could sense if it were on the right or left side of the keyboard:
The technique works through probability and by detecting pairs of keystrokes, rather than individual keys (which still is too difficult to accomplish reliably, Traynor said). It models "keyboard events" in pairs, then determines whether the pair of keys pressed is on the left versus right side of the keyboard, and whether they are close together or far apart. After the system has determined these characteristics for each pair of keys depressed, it compares the results against a preloaded dictionary, each word of which has been broken down along similar measurements (i.e., are the letters left/right, near/far on a standard QWERTY keyboard). Finally, the technique only works reliably on words of three or more letters.
PC World notes Traynor as saying the phone can only pick up keystrokes when within three inches of the computer. Moving it outside of that range can help ensure typing isn't being tracked.