There are caveats to this new research showing how electromagnetic interference can trigger arbitrary behavior on mobile touchscreens using GhostTouch.
Things hackers can do using GhostTouch
- Respond to or reject calls.
- Install and configure malicious software.
- Track app usage and phone activity.
- Activate any phone function.
It is necessary to have physical access to smartphones and to interact with their touchscreens in order to carry out some attacks on them. As long as no one touches your phone, your phone is more or less safe, right? This is incorrect, according to a new study by security researchers at Zhejiang University, China, and the Technical University of Darmstadt, Germany.
The paper (PDF) will be presented at the Usenix Security Symposium in July. GhostTouch uses tapping and swiping to manipulate the screen from a distance of up to 40 millimeters.
According to the researchers, GhostTouch can be used by attackers to initiate calls and download malware.
What is electromagnetic interference (EMI)?
The term “electromagnetic interference” (EMI) refers to unwanted noise or interference that an external source introduces into an electrical circuit or path. It is also referred to as radio frequency interference. Electronics may perform erratically, break down, or stop functioning altogether as a result of EMI. EMI can result from both natural and man-made sources.
Electromagnetic interference
Smartphones and tablets use capacitive touchscreens, which can measure small electric fields and provide multi-touch capabilities. A capacitive touchscreen is sensitive to electromagnetic interference (EMI) and charger noise, however.
Previous research has shown that EMI can interfere with touchscreen user experience and possibly result in unpredictable and dangerous behavior. In one instance, EMI signals caused a charging phone to reserve an extremely expensive hotel room.
The purpose of developing GhostTouch was to test the idea that EMI may be used to generate controllable touch events and trigger arbitrary behavior on capacitive touchscreens.
Manipulating the touchscreen
GhostTouch’s main goal is to tamper with touchscreen capacitance measurements by injecting electromagnetic pulses into the receiving sensors built into the touchscreen. The technology stack that the researchers developed consists of a waveform generator that generates the EMI signal and an antenna that delivers it to the touchscreen of the phone. A phone tracker module locates the phone’s screen precisely and calibrates the signals for different positions on it.
GhostTouch is a targeted attack. For the equipment to be tuned, the attacker has to know the brand and model of the victim’s phone. The attacker may also need additional details about the phone, such as the passcode, which they must obtain through social engineering or “shoulder surfing.”
Public areas where individuals might put their devices face-down on a table, like cafes, libraries, or conference halls, are the primary attack scenario. Under the table, the attacker will have planted the attacking equipment so that attacks may be launched remotely.
The researchers used GhostTouch to perform a number of tasks, including answering the phone, tapping a button, unlocking by swiping up, and entering a password. An attacker may call a victim whose phone is in quiet mode, use GhostTouch to answer the call without alerting the victim, and then listen in on a private conversation.
Another possibility is that the attacker sends a malicious link to the victim’s phone and then uses GhostTouch to tap on it and download it.
Testing GhostTouch
The team used 11 popular phone models to test GhostTouch. On nine models, they were able to use the attack with different degrees of success. For instance, they were able to get an iPhone SE to connect to a malicious Bluetooth device. The researchers came to the conclusion that despite extensive electromagnetic compatibility testing and the addition of anti-interference design components, capacitive touchscreens on smartphones are still vulnerable to EMI attacks like GhostTouch.
A number of defenses were put forward, such as hardening the touchscreen to protect it against focused EMI attacks and implementing algorithms to find unusual touch points.
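One way to approach the "unusual touch points" defense, as an added example that is not the researchers' algorithm: flag touch events that arrive while the phone is lying face-down and covered, the attack scenario described above, where no finger can reach the screen. The event format, sensor conventions and thresholds are assumptions, and the sample stream is constructed.

```python
from dataclasses import dataclass

# Assumed thresholds (not from the paper). Accelerometer z is in m/s^2 and
# reads about -9.8 when the screen faces down on a flat surface.
FACE_DOWN_Z = -8.0
STALE_AFTER_S = 2.0   # sensor readings older than this are not trusted

@dataclass
class Event:
    t: float          # seconds since start of capture
    kind: str         # "accel", "prox" or "touch"
    value: object     # accel: z (float); prox: covered (bool); touch: (x, y)

def flag_suspect_touches(events):
    """Return touch events reported while the phone is face-down and covered."""
    accel = prox = None          # latest (time, value) seen for each sensor
    suspects = []
    for ev in sorted(events, key=lambda e: e.t):
        if ev.kind == "accel":
            accel = (ev.t, ev.value)
        elif ev.kind == "prox":
            prox = (ev.t, ev.value)
        elif ev.kind == "touch":
            # Only judge a touch when both sensors reported recently; a real
            # implementation would sample continuously so this always holds.
            fresh = all(s is not None and ev.t - s[0] <= STALE_AFTER_S
                        for s in (accel, prox))
            if fresh and accel[1] <= FACE_DOWN_Z and prox[1]:
                suspects.append(ev)
    return suspects

# Constructed sample stream: normal use, then face-down on a table, then picked up.
SAMPLE = [
    Event(0.0, "accel", 9.7), Event(0.0, "prox", False),
    Event(0.5, "touch", (120, 640)),       # face-up, normal touch
    Event(10.0, "accel", -9.8), Event(10.0, "prox", True),
    Event(10.8, "touch", (540, 1800)),     # face-down and covered: suspect
    Event(11.1, "touch", (540, 1200)),     # face-down and covered: suspect
    Event(20.0, "touch", (300, 300)),      # sensor data stale: not judged
    Event(30.0, "accel", 9.6), Event(30.0, "prox", False),
    Event(30.4, "touch", (200, 900)),      # picked up again, normal touch
]

if __name__ == "__main__":
    for ev in flag_suspect_touches(SAMPLE):
        print(f"suspect touch at t={ev.t}s, position={ev.value}")
```

A device could respond to a flagged touch by ignoring it or by requiring re-authentication before acting on it.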