TapLogger Android trojan nicks keystrokes via phone movements

Computer scientists have come up with a way to log all the phone numbers you dialled, Social Security IDs, as well as other personal identification numbers which have been entered into smartphones through the simple act of monitoring the devices’ integrated motion sensors. This particular proof-of-concept is known as TapLogger, where it will run on the Android platform while masking its presence as a game which “challenges” the user to identify identical icons from a collection of images that have very little differences between them. Unknown to the gullible user, the trojan will work in the background, monitoring readings that are returned by the phone’s integrated accelerometer, gyroscope, and orientation sensors in order to infer phone numbers as well as additional digits that were entered into the device.

All this information will be uploaded to a computer that is under the control of the attackers, where how they plan to use and manipulate such information rests entirely on their shoulders. Sounds familiar like the smartphone keylogger known as TouchLogger which was demonstrated in 2011, and according to the researchers, the inclusion of similar permission systems in RIM’s Blackberry OS as well as jailbroken iOS devices might see similar apps appearing on such platforms as well.

Having a smartphone does allow you to do a whole lot more, but ultimately, you might want to think twice about accessing sensitive sites such as your bank account via your smartphone rather than through your home’s network that, by all means and circumstances, should be far more secure as you have already taken the necessary precautions beforehand.

All in all, it does seem to be a fairly unreliable method of stealing keystrokes, but it might just work.

Edwin Kee
Categories: Cellphones
Tags: Android