Hackers may be able to spy on your keystrokes if you keep your iPhone too close to your computer, a group of researchers reported this week.
According to Georgia Tech University computer science professor Patrick Traynor, it may be possible for hackers to hide malware on an iPhone 4 that is capable of sensing "keyboard vibrations [to] decipher complete sentences with up to 80 percent accuracy." And while Traynor and his team say that it would not be an easy thing to accomplish, it is definitely possible.
Because iPhone 4s--and other current-generation smart phones--have both an accelerometer and a gyroscope, it is within the realm of feasibility that malware on such devices could track what someone is typing on a nearby keyboard.
"The technique works through probability and by detecting pairs of keystrokes, rather than individual keys," the Georgia Tech report said. "It models 'keyboard events' in pairs, then determines whether the pair of keys pressed is on the left versus right side of the keyboard, and whether they are close together or far apart."
What happens then, the researchers concluded, is that the hidden software could compare what it's found about a user's keystrokes against an onboard dictionary, in which words are also broken down by where letters are located on a standard QWERTY keyboard.
"For example, take the word 'canoe,'" the report explained, "which when typed breaks down into four keystroke pairs: 'C-A, A-N, N-O and O-E.' Those pairs then translate into the detection system's code as follows: Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far....This code is then compared to the preloaded dictionary and yields 'canoe' as the statistically probable typed word. Working with dictionaries comprising about 58,000 words, the system reached word-recovery rates as high as 80 percent."
According to one of the researchers, the malware behind such an attack would most likely make its way onto someone's phone through a request to "download an innocuous-looking application, which doesn't ask you for the use of any suspicious phone sensors. Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening."
But before you get too worried about whether your iPhone is going to start spying on you, it's worth noting that the researchers determined there was little risk if you keep your mobile device more than three inches away from the keyboard. And while greater security governing the accelerometer--most likely settings that reduce the sampling rate of that sensor--may be desirable, this kind of hack is probably not something that is going to affect most people anytime soon. "The likelihood of someone falling victim to an attack like this right now is pretty low," Traynor said. "This was really hard to do. But could people do it if they really wanted to? We think yes."