Two researchers from UC Davis have successfully created a proof-of-concept keylogger using a smartphone’s built-in gyroscope. TouchLogger was written for Android, but there is no reason the same couldn’t be done for iPhone or any modern smartphone or tablet for that matter.
Many modern gadgets feature a three-axis gyro to gather device-orientation data for the purposes of gaming or navigation. Hao Chen and Lian Cai analyzed minute variations in pitch, yaw, and roll (X, Y, and Z axis) paths during onscreen-keyboard input to see if different keys produced distinct results. The keylogger has a 71.5% accuracy in 10-key number pad input. That percentage is lowerered during input on a more crowded in-screen QWERTY keyboard, but I imagine accuracy could be increased with more tests, as well as contextual word analysis (i.e. auto-correct). Larger devices such as tablets also boasted a higher accuracy as there are greater margins between key presses and therefore more room for spatial variation.
While undoubtedly cool technology, the implication here is that of a privacy concern. Since gyroscope data has not previously been considered an obvious door for attack, it is readily available to developers via built-in Android and iOS APIs. At the very least, smartphone OSes should consider deploying an allow/deny mechanism for gyro data as they do for GPS location.
Read the complete UC Davis PDF Paper here.
Your yaw is showing... use the Comments!
Mike Keller is PCWorld’s resident iOS developer nerd. Catch Diary of a Developer every Tuesday here at GeekTech.