Smartphone malware could identify words typed on nearby keyboards
By Ben Coxworth
October 19, 2011
If you're looking for a reason to buy an iPhone 3GS as opposed to an iPhone 4, besides the lower price, here's one: it's technically possible that malware on an iPhone 4 - if that phone were placed beside its user's computer keyboard - could be used to deduce what the user was typing. Once that data was stored on the phone, it could then be transmitted to another party. According to researchers at the Georgia Institute of Technology, who were able to use one of the phones for this purpose, any smartphone made within the past two years should be capable of doing so.
The key to the so-called "(sp)iPhone" system is the phone's accelerometer, which can be used to estimate whereabouts a user's fingers are striking their keyboard, based on the vibrations they create. The older 3GS didn't work well enough as it lacks the 4's gyroscope, which cleans up the accelerometer "noise."
The system groups the detected keystrikes into groups of two, and is able to determine if each of the strikes come from the left or right side of the keyboard, and if the two keys are near-to or far away from each other. The word "CANOE," for instance, divides up into C-A, A-N, N-O and O-E, which the system would simply register as Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far. That pattern is then compared to entries in a 58,000-word dictionary, with (sp)iPhone making an educated guess as to which word best matches that typing pattern.
In the lab tests, the system was able to correctly recover up to 80 percent of the words typed.
Because it required so much effort, however, the researchers doubt that actual malware using the technology will be showing up any time soon. If you're paranoid, Georgia Tech computer scientist Patrick Traynor suggests making sure that you place your phone farther than three inches away from your keyboard - the minimum distance required by (sp)iPhone. He also believes that problems could be avoided if phone manufacturers set lower sampling rates on their accelerometers, and required user authorization before apps could access a phone's accelerometer.