I’ve never been deeply in love with touch screen tablets—too big for my pocket, too small to really type on with my normal sized hands. Anyway.
This summer, researchers at Zhejiang University and TU Darmstadt report a new attack on capacitance touchscreens, including smart phones, via a compromised charging station [1]. Urk!
Basically, the charging signal is unobtrusively manipulated and the device leaks noise internally which activates the touch sensors. Eh, voila! “Ghosttouch!”
In earlier work, this team showed that the sensors can be activated by external EM fields, to manipulate the device without touching it.
So, there are potentially two ways to hack a touch screen tablet without overtly typing. Cool.
Obviously, this hack could let you do anything in the power of your device, including accessing and modifying protected data. Of course, you’d need some additional method before you could read the screen, so any data theft would need to transmit it to the attacker’s control. And, on the other hand, the manipulation might be pretty obvious if the user is looking at the screen while the “invisible” attack types away!
For that matter, no amount of Ghosttouching would be able to fool fingerprint, face, or voice identification. So I don’t think this technique will be able break in to a system that uses biometrics, at least not without other capability (such as a replay attack, or the ability to shor circuit the biometric authentication step). But it could be deadly if you plug it in and open it up.
Which raises another point: the attacker can’t do all that much just by typing, unless they have passwords or other detailed knowledge of the system and connections. The attack would probably unfold by using the Ghosttouch to install malware to seize control. No need to phish when you can just type in the place of the victim!
I have to say that I wasn’t astonished to learn that tablets have noise issues. I know that my friends who design hardware constantly fight noise, and frequently have to trade off noise levels against time and money.
Consumer electronics are particularly difficult design problems, with so much stuff jammed into a small package, produced under extreme time and money constraints. Also, capacitance sensor systems have to be cheap and sensitive enough to be easy to use, which almost certainly means they will be vulnerable to noise.
It’s a miracle these systems work at all!
Anyway, it seems clear that you should take care with touch screen devices. Turn ‘em off when not used, and use authentication and proper security. Don’t use random, unknown chargers. And, by the way, try to secure your own charger—don’t let it out of your possession.
- Y. Jiang, X. Ji, K. Wang, C. Yan, R. Mitev, A. Sadeghi, and W. Xu, WIGHT: Wired Ghost Touch Attack on Capacitive Touchscreens, in 2022 IEEE Symposium on Security and Privacy (SP). 2022: San Francisco. http://doi.ieeecomputersociety.org/10.1109/SP46214.2022.00108
- Richard Mitev and Ahmad-Reza Sadeghi, Touchscreens: Attack from the charging socket, in TU Darmstadt – Latest News, July 20, 2022. https://www.tu-darmstadt.de/universitaet/aktuelles_meldungen/einzelansicht_376384.en.jsp
Robert McGrath's Blog 