{"71506":{"#nid":"71506","#data":{"type":"news","title":"Georgia Tech Turns iPhone Into spiPhone","body":[{"value":"\u003Cp\u003EATLANTA \u2013 Oct. 18, 2011 \u2013 It\u2019s a pattern that no doubt repeats itself daily in hundreds of millions of offices around the world: People sit down, turn on their computers, set their mobile phones on their desks and begin to work. What if a hacker could use that phone to track what the person was typing on the keyboard just inches away?\u003C\/p\u003E\u003Cp\u003EA research team at Georgia Tech has discovered how to do exactly that, using a smartphone accelerometer\u2014the internal device that detects when and how the phone is tilted\u2014to sense keyboard vibrations and decipher complete sentences with up to 80 percent accuracy. The procedure is not easy, they say, but is definitely possible with the latest generations of smartphones.\u003C\/p\u003E\u003Cp\u003E\u201cWe first tried our experiments with an iPhone 3GS, and the results were difficult to read,\u201d said Patrick Traynor, assistant professor in Georgia Tech\u2019s School of Computer Science. \u201cBut then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack.\u201d\u003C\/p\u003E\u003Cp\u003EPreviously, Traynor said, researchers have accomplished similar results using microphones, but a microphone is a much more sensitive instrument than an accelerometer. A typical smartphone\u2019s microphone samples vibration roughly 44,000 times per second, while even newer phones\u2019 accelerometers sample just 100 times per second\u2014two full orders of magnitude less often. Plus, manufacturers have installed security around a phone\u2019s microphone; the phone\u2019s operating system is programmed to ask users whether to give new applications access to most built-in sensors, including the microphone. Accelerometers typically are not protected in this way.\u003C\/p\u003E\u003Cp\u003EThe technique works through probability and by detecting pairs of keystrokes, rather than individual keys (which still is too difficult to accomplish reliably, Traynor said). It models \u201ckeyboard events\u201d in pairs, then determines whether the pair of keys pressed is on the left versus right side of the keyboard, and whether they are close together or far apart. After the system has determined these characteristics for each pair of keys depressed, it compares the results against a preloaded dictionary, each word of which has been broken down along similar measurements (i.e., are the letters left\/right, near\/far on a standard QWERTY keyboard). Finally, the technique only works reliably on words of three or more letters.\u003C\/p\u003E\u003Cp\u003EFor example, take the word \u201ccanoe,\u201d which when typed breaks down into four keystroke pairs: \u201cC-A, A-N, N-O and O-E.\u201d Those pairs then translate into the detection system\u2019s code as follows: Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far, or LLN-LRF-RRF-RLF. This code is then compared to the preloaded dictionary and yields \u201ccanoe\u201d as the statistically probable typed word. Working with dictionaries comprising about 58,000 words, the system reached word-recovery rates as high as 80 percent.\u003C\/p\u003E\u003Cp\u003E\u201cThe way we see this attack working is that you, the phone\u2019s owner, would request or be asked to download an innocuous-looking application, which doesn\u2019t ask you for the use of any suspicious phone sensors,\u201d said Henry Carter, a PhD student in computer science and one of the study\u2019s co-authors. \u201cThen the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening.\u201d\u003C\/p\u003E\u003Cp\u003EMitigation strategies for this vulnerability are pretty simple and straightforward, Traynor said. First, since the study found an effective range of just three inches from a keyboard, phone users can simply leave their phones in their purses or pockets, or just move them further away from the keyboard. But a fix that puts less onus on users is to add a layer of security for phone accelerometers.\u003C\/p\u003E\u003Cp\u003E\u201cThe sampling rate for accelerometers is already pretty low, and if you cut it in half, you start to approach theoretical limitations that prevent eavesdropping. The malware simply does not have the data to work with,\u201d Traynor said. \u201cBut most phone applications can still function even with that lower accelerometer rate. So manufacturers could set that as the default rate, and if someone downloads an application like a game that needs the higher sampling rate, that would prompt a permission question to the user to reset the accelerometer.\u201d\u003C\/p\u003E\u003Cp\u003EIn the meantime, Traynor said, users shouldn\u2019t be paranoid that hackers are tracking their keystrokes through their iPhones. \u003C\/p\u003E\u003Cp\u003E\u201cThe likelihood of someone falling victim to an attack like this right now is pretty low,\u201d he said. \u201cThis was really hard to do. But could people do it if they really wanted to? We think yes.\u201d\u003C\/p\u003E\u003Cp\u003EThe finding is reported in the paper, \u201c(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers,\u201d and will be presented Thursday, Oct. 20, at the 18th ACM Conference on Computer and Communications Security in Chicago. In addition to Carter, Traynor\u2019s coauthors include Georgia Tech graduate student Arunabh Verma and Philip Marquardt of the MIT Lincoln Laboratory.\u003C\/p\u003E\u003Cp\u003E###\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EAbout the Georgia Tech College of Computing\u003C\/strong\u003E\u003C\/p\u003E\u003Cp\u003EThe Georgia Tech College of Computing is a national leader in the creation of real-world computing breakthroughs that drive social and scientific progress. With its graduate program ranked 10th nationally by U.S. News and World Report, the College\u2019s unconventional approach to education is defining the new face of computing by expanding the horizons of traditional computer science students through interdisciplinary collaboration and a focus on human-centered solutions. For more information about the Georgia Tech College of Computing, its academic divisions and research centers, please visit \u003Ca href=\u0022http:\/\/www.cc.gatech.edu\u0022 target=\u0022_self\u0022\u003Ehttp:\/\/www.cc.gatech.edu\u003C\/a\u003E.\u003C\/p\u003E\u003Cp\u003E\u003Cstrong\u003EContact\u003C\/strong\u003E\u003C\/p\u003E\u003Cp\u003EMichael Terrazas\u003C\/p\u003E\u003Cp\u003EAssistant Director of Communications\u003C\/p\u003E\u003Cp\u003ECollege of Computing at Georgia Tech\u003C\/p\u003E\u003Cp\u003E\u003Ca href=\u0022mailto:mterraza@cc.gatech.edu\u0022\u003Emterraza@cc.gatech.edu \u003C\/a\u003E\u003C\/p\u003E\u003Cp\u003E404-245-0707\u003C\/p\u003E","summary":null,"format":"limited_html"}],"field_subtitle":[{"value":"Smartphones\u2019 accelerometer can track strokes on nearby keyboards"}],"field_summary":[{"value":"\u003Cp\u003EA research team led by Patrick Traynor (\u003Cem\u003EComputer Science\u003C\/em\u003E) has discovered how to program a smartphone to sense nearby keyboard vibrations and decipher \ncomplete sentences with up to 80 percent accuracy. \u003Cem\u003ESource: Office of Communications\u003C\/em\u003E\u003C\/p\u003E","format":"limited_html"}],"field_summary_sentence":[{"value":"Smartphones can be programmed to sense nearby keyboard vibrations and decipher sentences."}],"uid":"27174","created_gmt":"2011-10-17 16:51:41","changed_gmt":"2016-10-08 03:10:30","author":"Mike Terrazas","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2011-10-17T00:00:00-04:00","iso_date":"2011-10-17T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"71541":{"id":"71541","type":"image","title":"Patrick Traynor - spiPhone","body":null,"created":"1449177386","gmt_created":"2015-12-03 21:16:26","changed":"1475894639","gmt_changed":"2016-10-08 02:43:59","alt":"Patrick Traynor - spiPhone","file":{"fid":"193539","name":"patrick_traynor_-_gt_college_of_computing.jpg","image_path":"\/sites\/default\/files\/images\/patrick_traynor_-_gt_college_of_computing_0.jpg","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/patrick_traynor_-_gt_college_of_computing_0.jpg","mime":"image\/jpeg","size":1716647,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/patrick_traynor_-_gt_college_of_computing_0.jpg?itok=siPoPEYs"}}},"media_ids":["71541"],"groups":[{"id":"1183","name":"Home"}],"categories":[{"id":"153","name":"Computer Science\/Information Technology and Security"},{"id":"135","name":"Research"}],"keywords":[{"id":"1404","name":"Cybersecurity"},{"id":"2678","name":"information security"},{"id":"9290","name":"iPhone"},{"id":"13274","name":"patrick traynor"},{"id":"166941","name":"School of Computer Science"},{"id":"168927","name":"smartphones"}],"core_research_areas":[],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003EMichael Terrazas\u003C\/p\u003E\u003Cp\u003E404-245-0707\u003C\/p\u003E\u003Cp\u003E\u003Ca href=\u0022mailto:mterraza@cc.gatech.edu\u0022\u003Emterraza@cc.gatech.edu\u003C\/a\u003E\u003C\/p\u003E","format":"limited_html"}],"email":["mterraza@cc.gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}