NEW!Enroll into our new Ethical Hacking Playlist. Watch Now

[quads id=1]

Hackers NewsNews

Hackers can access your phone’s touchscreen without touching it – GhostTouch

3 Mins read
[quads id=3]

There are caveats to this new research showing how electromagnetic interference can trigger arbitrary behavior on mobile touchscreen using GhostTouch.

Things hackers can do using GhostTouch

  • Respond to or reject calls.
  • Install and configure malicious software.
  • track app usage and phone activity.
  • Activate any phone function.

It is necessary to have physical access to smartphones and to interact with their touchscreens in order to carry out some attacks on them. As long as no one touches your phone, your phone is more or less safe, right? This is incorrect, according to a new study by security researchers at Zhejiang University, China, and the Technical University of Darmstadt, Germany.

The paper (PDF) will be presented at the Usenix Security Symposium in July. GhostTouch uses tapping and swiping to manipulate the screen from a distance of up to 40 millimeters.

– Resources

According to the researchers, GhostTouch can be used by attackers to initiate calls and download malware, according to the researchers.

What is electromagnetic interference (EMI)

The term “electromagnetic interference” (EMI) refers to unwanted noise or interference that an external source introduces into an electrical circuit or path. It is also referred to as radio frequency interference. Electronics may perform erratically, break down, or stop functioning altogether as a result of EMI. EMI can result from both natural and man-made sources.

Electromagnetic interference

Smartphones and tablets use capacitive touchscreens, which can measure small electric fields and provide multi-touch capabilities. A capacitive touchscreen is sensitive to electromagnetic interference (EMI) and charger noise, however.

A GhostTouch attack scenario

Previous research has shown that EMI can interfere with touchscreen user experience and possibly result in unpredictable and dangerous behavior. In one instance, EMI signals caused a charging phone to reserve an extremely expensive hotel room.

The purpose of developing GhostTouch was to test the idea that EMI may be used to generate controllable touch events and initiate random behavior on capacitive touchscreens.

Manipulating the touchscreen

GhostTouch’s main goal is to tamper with touchscreen capacitance measurements by injecting electromagnetic pulses into the receiving sensors built into the touchscreen. The technology stack that the researchers developed consists of a waveform generator that generates the EMI signal and an antenna that delivers it to the touchscreen of the phone. A phone tracker module detects the phone’s screen precisely and calibrates the signals to various places.

GhostTouch is an intentional attack. For the equipment to be tuned, the attacker has to know the brand and model of the victim’s phone. Additional details about the phone, such as the passcode, may be required by the attacker, which they must obtain through social engineering or “shoulder surfing.”

Public areas where individuals might put their devices face-down on a table, like cafes, libraries, or conference halls, are the primary attack scenario. Under the table, the attacker will have planted the attacking equipment so that attacks may be launched remotely.

The researchers used GhostTouch to do a number of tasks, including answering the phone, tapping a button, unlocking by swiping up, and entering a password. An attacker may call a victim whose phone is in quiet mode, use GhostTouch to answer the call without alerting the victim, and then listen in on a private chat.

Another possibility is that the attacker will give the victim’s phone a malicious link, which they will then tap on and download via GhostTouch.

Testing GhostTouch

The team used 11 popular phone models to test GhostTouch. On nine models, they were able to use the attack with different degrees of success. For instance, they were able to get an iPhone SE to connect to a malicious Bluetooth device. The researchers came to the conclusion that despite extensive electromagnetic compatibility testing and the addition of anti-interference design components, capacitive touchscreens on smartphones are still vulnerable to EMI attacks like GhostTouch.

A number of defenses were put up, such as hardening the touchscreen to protect it against focused EMI attacks and implementing algorithms to find unusual touch points.

Others are reading

Ethical Hacking

Unveiling the Enigma of Password Hacking: A Comprehensive Guide

2 Mins read
In today’s interconnected world, passwords serve as the gatekeepers to our digital lives, guarding access to a vast array of online accounts,…
Ethical HackingEthical Hacking Course

Mastering Reconnaissance in Cyber Security: A Beginner’s Guide to Footprinting

9 Mins read
Footprinting stands at the forefront of reconnaissance in cyber security, marking the initial phase where cybersecurity professionals, penetration testers, and even threat…
Ethical HackingTechnology

OSNIT: Everything you need to know about Open-Source Intelligence

3 Mins read
What is OSINT ? OSINT or Open Source Intelligence is the process by which information are collected from openly available information or…
89 posts

About author
Troubleshooter | YouTuber (60k subs) | Creator of this website (i.e. The Techrix) Passionate about InfoSec & CTFs | Exploring tech's frontiers with curiosity and creativity."
Articles
Related posts
Ethical Hacking CourseHackers News

Master Google Dorking/Hacking: Unleash the Power of Google Search Hacking

6 Mins read
Introduction In the ever-expanding digital landscape, information is key. And when it comes to uncovering hidden data, vulnerabilities, or sensitive information, Google…
Ethical HackingHackers News

How to Set-Up VPN Chaining: The Ultimate Guide

14 Mins read
In today’s interconnected world, online privacy and security have become paramount concerns. Many Internet users turn to Virtual Private Networks (VPNs) to…
Hackers News

VPN Chaining: Enhancing Privacy and Security in the Digital Age

4 Mins read
About VPN chaining In today’s digital landscape, where cyber threats are on the rise, ensuring the privacy and security of our online…

Leave a Reply

Your email address will not be published. Required fields are marked *

×
Ethical HackingHackers NewsNews

NAME: WRECK DNS Bugs: What You Need to Know