Q

Assessing smartphone eavesdropping via keyboard vibrations

Is smartphone eavesdropping via keyboard vibrations a credible enterprise threat? Mike Chapple explains.

I have heard smartphones may pose a dangerous security threat to enterprises; due to an internal structure of sensors through which vibrations can be detected remotely, attackers with the necessary tools may gain access to words with an accuracy of up to 80%. Is this a genuine threat enterprises should prepare for? If so, is it time for me to tell my executives they can't place their phones near their keyboards anymore?

The risk of smartphone eavesdropping of keyboard vibrations was first pointed out by Philip Marquardt of MIT Lincoln Labs and colleagues from Georgia Tech in a paper presented at the ACM Conference on Computer and Communications Security in October 2011.  The researchers demonstrated a theoretical keyboard eavesdropping attack, waged using the accelerometers present in smartphones.

In their controlled laboratory environment, Marquardt and his colleagues used an iPhone 4 to monitor a user’s typing on a nearby keyboard. They claimed being able to achieve accuracy rates between 46-80% in reconstructing the words typed on the keyboard during such an attack.

Fortunately, enterprise employees don’t work in controlled laboratory environments.  In addition to requiring the user to place his or her smartphone in direct proximity to the keyboard, the attacker must first have convinced the user to install and execute a malicious application on the device.  The unlikely confluence of these circumstances greatly mitigates the threat to real users.

The bottom line is security professionals have plenty of real-world risks to worry about, and it’s not worthwhile to let this one keep them up at night until actual exploits in the wild begin to occur.  I suspect this threat is unlikely to cause trouble in the foreseeable future.

This was first published in January 2012

Dig deeper on Smartphone and PDA Viruses and Threats-Setup and Tools

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close