TU Darmstadt / ULB / TUbiblio

GhostTouch: Targeted Attacks on Touchscreens without Physical Touch

Wang, Kai ; Mitev, Richard ; Yan, Chen ; Ji, Xiaoyu ; Sadeghi, Ahmad-Reza ; Xu, Wenyuan
ed.: USENIX Association (2022)
GhostTouch: Targeted Attacks on Touchscreens without Physical Touch.
31st USENIX Security Symposium (USENIX Security 22). Boston, USA (10.-12.08.2022)
Conference or Workshop Item, Bibliographie

Abstract

Capacitive touchscreens have become the primary human-machine interface for personal devices such as smartphones and tablets. In this paper, we present GhostTouch, the first active contactless attack against capacitive touchscreens. GhostTouch uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it. By tuning the parameters of the electromagnetic signal and adjusting the antenna, we can inject two types of basic touch events, taps and swipes, into targeted locations of the touchscreen and control them to manipulate the underlying device. We successfully launch the GhostTouch attacks on nine smartphone models. We can inject targeted taps continuously with a standard deviation of as low as 14.6 × 19.2 pixels from the target area, a delay of less than 0.5s and a distance of up to 40mm. We show the real-world impact of the GhostTouch attacks in a few proof-of-concept scenarios, including answering an eavesdropping phone call, pressing the button, swiping up to unlock, and entering a password. Finally, we discuss potential hardware and software countermeasures to mitigate the attack.

Item Type: Conference or Workshop Item
Erschienen: 2022
Creators: Wang, Kai ; Mitev, Richard ; Yan, Chen ; Ji, Xiaoyu ; Sadeghi, Ahmad-Reza ; Xu, Wenyuan
Type of entry: Bibliographie
Title: GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
Language: English
Date: August 2022
Publisher: USENIX Association
Book Title: Proceedings of the 31st USENIX Security Symposium
Event Title: 31st USENIX Security Symposium (USENIX Security 22)
Event Location: Boston, USA
Event Dates: 10.-12.08.2022
URL / URN: https://www.usenix.org/conference/usenixsecurity22/presentat...
Corresponding Links:
Abstract:

Capacitive touchscreens have become the primary human-machine interface for personal devices such as smartphones and tablets. In this paper, we present GhostTouch, the first active contactless attack against capacitive touchscreens. GhostTouch uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it. By tuning the parameters of the electromagnetic signal and adjusting the antenna, we can inject two types of basic touch events, taps and swipes, into targeted locations of the touchscreen and control them to manipulate the underlying device. We successfully launch the GhostTouch attacks on nine smartphone models. We can inject targeted taps continuously with a standard deviation of as low as 14.6 × 19.2 pixels from the target area, a delay of less than 0.5s and a distance of up to 40mm. We show the real-world impact of the GhostTouch attacks in a few proof-of-concept scenarios, including answering an eavesdropping phone call, pressing the button, swiping up to unlock, and entering a password. Finally, we discuss potential hardware and software countermeasures to mitigate the attack.

Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Date Deposited: 12 Oct 2022 08:08
Last Modified: 27 Apr 2023 07:41
PPN: 50730392X
Corresponding Links:
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details