Wang, Kai ; Mitev, Richard ; Yan, Chen ; Ji, Xiaoyu ; Sadeghi, Ahmad-Reza ; Xu, Wenyuan
Hrsg.: USENIX Association (2022)
GhostTouch: Targeted Attacks on Touchscreens without Physical Touch.
31st USENIX Security Symposium (USENIX Security 22). Boston, USA (10.08.2022-12.08.2022)
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Capacitive touchscreens have become the primary human-machine interface for personal devices such as smartphones and tablets. In this paper, we present GhostTouch, the first active contactless attack against capacitive touchscreens. GhostTouch uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it. By tuning the parameters of the electromagnetic signal and adjusting the antenna, we can inject two types of basic touch events, taps and swipes, into targeted locations of the touchscreen and control them to manipulate the underlying device. We successfully launch the GhostTouch attacks on nine smartphone models. We can inject targeted taps continuously with a standard deviation of as low as 14.6 × 19.2 pixels from the target area, a delay of less than 0.5s and a distance of up to 40mm. We show the real-world impact of the GhostTouch attacks in a few proof-of-concept scenarios, including answering an eavesdropping phone call, pressing the button, swiping up to unlock, and entering a password. Finally, we discuss potential hardware and software countermeasures to mitigate the attack.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2022 |
| Autor(en): | Wang, Kai ; Mitev, Richard ; Yan, Chen ; Ji, Xiaoyu ; Sadeghi, Ahmad-Reza ; Xu, Wenyuan |
| Art des Eintrags: | Bibliographie |
| Titel: | GhostTouch: Targeted Attacks on Touchscreens without Physical Touch |
| Sprache: | Englisch |
| Publikationsjahr: | August 2022 |
| Verlag: | USENIX Association |
| Buchtitel: | Proceedings of the 31st USENIX Security Symposium |
| Veranstaltungstitel: | 31st USENIX Security Symposium (USENIX Security 22) |
| Veranstaltungsort: | Boston, USA |
| Veranstaltungsdatum: | 10.08.2022-12.08.2022 |
| URL / URN: | https://www.usenix.org/conference/usenixsecurity22/presentat... |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | Capacitive touchscreens have become the primary human-machine interface for personal devices such as smartphones and tablets. In this paper, we present GhostTouch, the first active contactless attack against capacitive touchscreens. GhostTouch uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it. By tuning the parameters of the electromagnetic signal and adjusting the antenna, we can inject two types of basic touch events, taps and swipes, into targeted locations of the touchscreen and control them to manipulate the underlying device. We successfully launch the GhostTouch attacks on nine smartphone models. We can inject targeted taps continuously with a standard deviation of as low as 14.6 × 19.2 pixels from the target area, a delay of less than 0.5s and a distance of up to 40mm. We show the real-world impact of the GhostTouch attacks in a few proof-of-concept scenarios, including answering an eavesdropping phone call, pressing the button, swiping up to unlock, and entering a password. Finally, we discuss potential hardware and software countermeasures to mitigate the attack. |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Systemsicherheit Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) |
| Hinterlegungsdatum: | 12 Okt 2022 08:08 |
| Letzte Änderung: | 27 Apr 2023 07:41 |
| PPN: | 50730392X |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum