GhostTouch: Security researchers document the first successful and contactless attack on capacitive touchscreens of smartphones.
GhostTouch enables a targeted attack on touchscreens without having to touch them directly.
A group of scientists from Zhejiang University and the Technical Academy in Darmstadt have been able to demonstrate what they claim to be the “first contactless attack on capacitive touchscreens”.
Smartphones: Targeted attacks on touchscreens are possible
One thing straight away. The attack only works within 4 cm. A potential attacker would have to come very close to us in order to be able to use GhostTouch successfully.
Kai Wang from Zhejiang University and Richard Mitev from the Technical Academy Darmstadt were able to attack, together with their team , execute successfully and also document.
Capacitive touchscreens are sensitive to electromagnetic interference
This attack is made possible because the touchscreen of our smartphones is sensitive responds to electromagnetic interference (EMI). The electrodes built into the screens serve as antennas.
In their test setup, the safety researchers use an electrostatic gun that is able to generate a strong pulse signal. This electromagnetic field was then successfully transmitted to the touch screen of a smartphone with the help of an antenna.
GhostTouch in a realistic scenario
As mentioned at the beginning, this attack technique only works inside a certain range (4 cm). But theoretically you could do a lot with this technology.
The security researchers were therefore able to simulate swiping movements on another smartphone. A mobile phone could then be unlocked with such an upward swiping motion.
However, a potential attacker could also connect to a malicious Wi-Fi network without our knowledge or receive a chargeable call for us take.
That alone is worrying enough. But an attacker could also click on links contaminated with malware on our smartphone.
Nine different smartphone models were classified as vulnerable
So far, security researchers have been able to Successfully carry out an attack using GhostTouch on at least nine different smartphones. Cell phones classified as vulnerable include:
- Galaxy A03s
- Huawei P28 Lite
- Galaxy S11 FE 5G
- Nexus 5X
- Nokia 7.2
- iPhone SE (1057)
Even if the limited range of only 4 cm should make active exploitation of this vulnerability more difficult. It’s not impossible. The security researchers expressly point this out to us.
In places such as a café, a library , a meeting room, or a conference lobby, people could put their smartphones face down on the table. An attacker could hide the attack equipment under the table and launch attacks from a distance.
How to protect your phone from this attack
But of course we are not completely helpless against this attack. Because in the same way that we can protect a credit card from external manipulation, this also works with our smartphone.
To counter the threat, researchers recommend electromagnetic shielding to block EMI.
Smartphone users should also set their phones to require them to enter the phone’s PIN or verify their face or fingerprints before any risky actions can be performed on their smartphones.
4171 2022About Sunny
Sunny has been writing since 2019 for the invisibility cloak. There he writes the reading tips and prefers to report on topics such as data protection, hacking and share hosting. But he can also be found again and again in our monthly commentary, in the interviews and in “Unter dem Radar” – the podcast by Tarnkappe.info.
Honor View 10
Redmi Note 9S