Researcher from Zhejiang University in China and the Technical University of Darmstadt in Germany have recreated hacking techniques known as Ghost Touch, which enables the hacker to control a touch screen without actually touching it. One experiment involves the use of charging cables, others with electromagnetic field interference. All with the goal of utilizing the touch screen from a distance.
In the case of electromagnetic signals, a device might be planted underneath a tabletop to target phones being placed on the surface.
“As many as nine different smartphone models have been found vulnerable to GhostTouch, including Galaxy A10s, Huawei P30 Lite, Honor View 10, Galaxy S20 FE 5G, Nexus 5X, Redmi Note 9S, Nokia 7.2, Redmi 8, and an iPhone SE (2020), the latter of which was used to establish a malicious Bluetooth connection.” (The Hacker News).
There may be ways to prevent vulnerability to real life scenarios.
“To counteract the threat, the researchers recommend adding electromagnetic shielding to block EMI, improving the detection algorithm of the touchscreen, and prompting users to enter the phone's PIN or verify their faces or fingerprints prior to executing high-risk actions.” (The Hacker News).
Attacks through charging cables are known as WIGHT: Wired Ghost Touch.
“In a newly published paper titled 'WIGHT: Wired Ghost Touch Attack on Capacitive Touchscreens' the researchers say they had success when tested on a Samsung Galaxy S20 FE and Apple iPhone SE (2020) as well as devices from Huawei, LG, and Xiaomi.” (Forbes).
WIGHT has three main attack modes. “An injection attack that creates a ghost touch without a user physically touching the screen at all, an alteration attack that can change the actual position of a physical touch to another determined by the hacker, and a denial-of-service attack that totally prevents the targeted smartphone from being able to detect any legitimate, physical, touch.” (Forbes).
The use of USB data blockers is still recommended.
Have any questions about cyber-security? Responsive Technology Partners is the leading cyber-security expert in the Athens, Metter, Milledgeville, Vidalia, and Atlanta, Georgia areas. We also have locations in Tampa, Florida, Roanoke, Virginia, and Raleigh South Carolina. Service offerings include I.T. support, cyber-security and compliance, telephony, cloud services, cabling, access control, and camera systems. Our company’s mission is to provide world-class customer service through industry leading I.T. solutions that make every customer feel as if they are our only customer. Please visit our website to learn more: https://www.responsivetechnologypartners.com/.
Sources:
The Hacker News. https://thehackernews.com/2022/05/attackers-can-use-electromagnetic.html?_m=3n%2e009a%2e2748%2egn0ao443h6%2e1r73
