comScore
Uncategorized Saturday, October 22nd 2011 at 12:00 pm

Study Uses iPhone Accelerometers to “Read” Nearby Keystrokes

By ( ) Comments

A team of researchers from Georgia Tech’s School of Computer Science has announced that they’ve found a way to capture keyboard information through the accelerometer of a nearby iPhone. According to their findings, the technique was accurate 80% of the time. This isn’t the first time an iPhone’s accelerometer has been used to capture keystrokes, but it is the first time a keyboard has been captured through a neighboring phone.

Instead of directly monitoring keystrokes, like a keylogger installed on a target’s computer, this method senses the vibrations of each keystroke via the iPhone’s accelerometer. To accurately discern what is being typed, the software compares pairs of keystrokes. It sorts these based on which side of the keyboard the stroke occurred, and how close the keyboard stokes were to each other. This might not seem useful, but when the software compares this data against a dictionary, the program is able to glean the typed words with alarming accuracy.

Innovations Report provides this illustrative example of how the software interprets keystrokes.

[...] take the word “canoe,” which when typed breaks down into four keystroke pairs: “C-A, A-N, N-O and O-E.” Those pairs then translate into the detection system’s code as follows: Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far, or LLN-LRF-RRF-RLF. This code is then compared to the preloaded dictionary and yields “canoe” as the statistically probable typed word. Working with dictionaries comprising about 58,000 words, the system reached word-recovery rates as high as 80 percent.

Previous research showed that similar observations could be made using a phone’s built-in microphone. However, the accelerometer vibrates far fewer times per second, meaning that the information is more useful in discerning keystrokes. While purely theoretical, the researchers point out that there are few security restrictions on the use of accelerometers, unlike microphones which often require a user’s permission for use.

Of course, there are some serious limitations to using accelerometers for surveillance purposes. Firstly, because the technique uses pairs of keystrokes, it can only decode words three letters or longer. Second, the phone must be within three inches of the target keyboard. Too far away, and the accelerometers cannot acquire useful data. However, the researchers believe that simply asking for a user’s permission before acquiring sensitive accelerometer data — like that needed for the finer control of a game — would be be better.

(Innovations Report, via Wired, image via Jeff Kraus)

Relevant to your interests

Filed Under |
  • Anonymous

    Worthy project.  Even if they have trouble getting well beyond 80% they could combine this data with other references and improve the accuracy.  I can think of several ways the basic idea could be adapted to assist with activities not involving a keyboard, or at least not requiring the user to type each character.  

  • http://www.facebook.com/MacAaron Aaron Turpen

    It could also be used to build phone-specific keyboards that require no power to run.  In other words, miniature keyboards made for the smart phone that the user can unfold and use without needing batteries, a plug-in (to the phone or wall), etc.  I should probably hurry and file a patent on the idea so I can troll anyone who tries to use it.

  • Anonymous

    Oh wow, OK that is downright scary dude. Seriously.
    privacy-tools.au.tc

  • (eyes moving left & right)

    BIG BROTHER (“1984″) is beyond just watching!  

  • http://twitter.com/neilvoss Neil Voss

    It would be positively horrible to have to ask permission to use the accelerometer in an application experience because of a small chance it could be used (like any other sensor) as an abstract means to intrude upon privacy. What situation would a person have to find themselves in that would make this sort of malware application viable? It is a clever idea, but one that would be better suited as a creative means to provide typed input (as Aaron Turpen mentioned). And it sounds like it would only work well if the input was coupled with other sensors to form a more complete picture.

  • Max Eddy

    That’s a good point about coupling with other sensors for better keylogging. I hadn’t thought about it as one prong of a larger attack.

    Regarding permissions, I think the main thrust behind the researchers recommendations was that accelerometers are relatively insecure. If you were only warned once that an app needed accelerometer access, it wouldn’t be so annoying and might make users wonder why that particular app needed accelerometer info.

  • Zv Odd

    Just add audio data…

    I have seen some project using 2 microphones next to the keyboard to log keyboard input. Combine these two and I’d put money on getting near 99% accuracy.