The researchers demonstrated what they call the “first active non-contact attack against capacitive touchscreens.”
Ghost Touchas it is called, “uses electromagnetic interference (EMI) to inject false touch points into a touchscreen without the need to physically touch it”, a group of academics from Zhejiang University and the University Darmstadt technology said in a new research paper.
The central idea is to leverage electromagnetic signals to inject fake touch events such as taps and swipes into targeted locations on the touchscreen with the aim of remotely gaining control and manipulating the device under power. underlying.
The attack, which works at a distance of up to 40 mm, is based on the fact that capacitive touch screens are sensitive to EMI, taking advantage to inject electromagnetic signals into transparent electrodes embedded in the touch screen to register them as touch events.
The breadboard involves an electrostatic gun to generate a powerful pulse signal which is then sent to an antenna to transmit an electromagnetic field to the phone’s touchscreen, causing the electrodes – which themselves act as antennae – to pick up the NDE.
This can be further refined by adjusting the signal and antenna to induce a variety of touch behaviors, such as press and hold and swipe to select, depending on the targeted device model.
In a real-life scenario, this could play out in a number of ways, including swiping up to unlock a phone, connecting to a malicious Wi-Fi network, stealthily clicking on a malicious link containing malware, and even responding to a phone call on the victim’s phone. behalf.
“In places like a coffee shop, library, meeting room, or conference halls, people may place their smartphones face down on the table,” the researchers said. “An attacker can embed attack gear under the table and launch ranged attacks.”
As many as nine different smartphone models have been found vulnerable to GhostTouch, including Galaxy A10s, Huawei P30 Lite, Honor View 10, Galaxy S20 FE 5G, Nexus 5X, Redmi Note 9S, Nokia 7.2, Redmi 8, and an iPhone SE ( 2020), the latter being used to establish a malicious Bluetooth connection.
To counter the threat, the researchers recommend adding electromagnetic shielding to block EMI, improving the touchscreen detection algorithm, and prompting users to enter the phone’s PIN or verify their face. or their fingerprints before performing high-risk actions.
“GhostTouch controls and shapes the near-field electromagnetic signal and injects touch events into the targeted area on the touchscreen, without the need for physical contact or access to the victim’s device,” they said. Researchers.