By Olivia Solon, Wired UK
The accelerometers in many smartphones could be used to decipher what you type into your PC keyboard — including passwords and email content — according to computer scientists at Georgia Tech.
The technique involves working through probability by detecting pairs of keystrokes, rather than individual keys. It models “keyboard events” in pairs and then works out whether the pair of keys pressed is on the left or the right side of the keyboard and whether they are close together or far apart on the QWERTY keyboard. Once it has worked this out, it compares the results to a preloaded dictionary where each word has been broken down in the same way.
As an example, the word “canoe” is made up of four keystroke pairs. These are: “C-A, A-N, N-O and O-E”. The program translates these pairs as Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far. This sequence is compared to the dictionary (which has also been translated according to this code), and the program then suggests the most likely word. With a dictionary of around 58,000 words, the system has achieved word detection rates as high as 80 percent.
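The pair encoding described above, worked through as an added example (not code from the Georgia Tech researchers or from this article). The key coordinates, the left/right split and the 3.0 key-width near/far threshold are assumptions chosen to reproduce the article's labels for “canoe”, and the word list is constructed.

```python
import math

# Assumed QWERTY geometry in key-width units, with the usual row stagger.
ROWS = [("qwertyuiop", 0.0), ("asdfghjkl", 0.25), ("zxcvbnm", 0.75)]
POS = {ch: (i + off, row)
       for row, (keys, off) in enumerate(ROWS)
       for i, ch in enumerate(keys)}
LEFT = set("qwertasdfgzxcvb")  # assumed left/right split of the keyboard
NEAR_LIMIT = 3.0               # assumed near/far threshold, in key widths


def side(ch):
    """Label a key as left (L) or right (R) of the assumed split."""
    return "L" if ch in LEFT else "R"


def encode(word):
    """Translate a word into one side-side-distance label per keystroke pair."""
    labels = []
    for a, b in zip(word, word[1:]):
        near = math.dist(POS[a], POS[b]) < NEAR_LIMIT
        labels.append(side(a) + side(b) + ("N" if near else "F"))
    return tuple(labels)


def build_index(words):
    """Pre-translate the dictionary: encoded sequence -> words that produce it."""
    index = {}
    for word in words:
        index.setdefault(encode(word), []).append(word)
    return index


def candidates(observed, index):
    """Return every dictionary word consistent with an observed label sequence."""
    return index.get(tuple(observed), [])


# Constructed word list standing in for the 58,000-word dictionary.
WORDS = ["canoe", "panic", "table", "sable", "cable", "phone", "typed"]
INDEX = build_index(WORDS)

if __name__ == "__main__":
    print(encode("canoe"))                        # the article's example word
    print(candidates(encode("canoe"), INDEX))     # unique in this word list
    print(candidates(encode("cable"), INDEX))     # two words share one code
```

Words that share a label sequence, such as “cable” and “sable” in this list, cannot be told apart by the encoding alone.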
The technique is not easy. Patrick Traynor, assistant professor at Georgia Tech’s School of Computer Science, explains: “We first tried our experiments with an iPhone 3GS, and the results were difficult to read. But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack.”
Previous studies have used microphone vibrations to pick up on typing patterns, but a microphone is much more sensitive than an accelerometer. Your typical smartphone microphone can sample vibrations 44,000 times per second, while the accelerometers sample just 100 times per second. Microphones also tend to be more secure than accelerometers; the phone’s operating system tends to ask users whether to give any new applications access to built-in sensors, but the accelerometer is rarely protected in this way.
Of course, your phone would have to be infected with some spyware first, but this could be achieved through a seemingly innocuous application that doesn’t ask to use any of the phone sensors that might make you suspicious. Once downloaded, the keyboard detection malware could be activated so the next time you start typing with your phone next to you, it could be listening.
If you are worried that your phone might be spying on you — something that the researchers say is very unlikely because it’s so hard to do — you can just leave your phone in your bag or in a pocket.
Image: William Brawley/Flickr