Latest News: Technology |  Celebrity |  Movies |  Apple |  Cars |  Business |  Sports |  TV Shows |  Geek

Trending

Filed under: News | Technology News

 

Trustwave Demonstrates Malware Records Touchscreen Swipes To Record Your PIN

Jan 28 2014, 2:18am CST | by

1 Updates
Trustwave Demonstrates Malware Records Touchscreen Swipes To Record Your PIN
 
 

YouTube Videos Comments

Recommend Your Tweet as Top Tweet:

Full Story

Trustwave Demonstrates Malware Records Touchscreen Swipes To Record Your PIN

Neal Hindocha, a senior security consultant for Trustwave , has built proof-of-concept ‘screenlogging’ malware that monitors finger swipes on smart devices in combination with taking screenshots, painting a picture of exactly how the user is interacting with their phone or tablet.

Hindocha’s concept malware logs the X and Y coordinates of any swipe or touch. Speaking with Forbes, Hincocha says it wasn’t much hassle to get the code running on jailbroken iOS and rooted Android devices, and that it’s possible to get it working on regular Android smartphones, provided they are plugged into a PC – for example, while charging by USB.

Trustwave was examining financial malware on the Windows platform and wanted to see if similar methods could be applied to mobile. Keylogging has been a typical component for financial Windows malware, and there are apps that already log keyboard inputs on smart devices. But Hindocha says the finance industry is moving away from using typical keyboard inputs, whether it is with a PIN code or another kind of password.

Recording touch screen coordinates “has a certain value in itself,” Hindocha says. “If you’re monitoring all touch events and the phone hasn’t been touched for at least one hour, then you get a minimum of four touch events, you can assume that is a PIN code being entered.”

“The more interesting thing is, if you get a screenshot and then overlay the touch events, you’re looking at a screenshot of what the user is seeing, combined with dots, sequentially, where the user is touching the screen.”

The end result, Hindocha explains, is that it doesn’t matter how a user inputs the information: all of it is going to be captured.

It’s also possible to figure out where on the device the user is at a given time – you can set the code to take screenshots only when a user is in an app rather than on the home screen to avoid racking up a lot of disk space.

This kind of attack is probably not something most users will have to worry about. Running malware like this on an industrial scale would be labor intensive, as it’s difficult to automate or search through images for relevant information.

From a social engineering perspective, though, it could have its uses.

“It’s more likely this could be used against specific users or companies,” Hindocha says. “Targeted attacks are likely vectors.”

Hindocha hopes that by demonstrating his concept at the upcoming RSA Security conference , he will help make app developers and companies with high security requirements understand the importance of issues that, if ignored, could potentially leave people or businesses wide open.

Source: Forbes

 

iPad Air Giveaway. Win a free iPad Air.

You Might Also Like

Updates


Sponsored Update


Advertisement


More From the Web

Shopping Deals

 
 
 

<a href="/latest_stories/all/all/31" rel="author">Forbes</a>
Forbes is among the most trusted resources for the world's business and investment leaders, providing them the uncompromising commentary, concise analysis, relevant tools and real-time reporting they need to succeed at work, profit from investing and have fun with the rewards of winning.

 

 

Comments

blog comments powered by Disqus

Latest stories

Apple Asks Suppliers to Manufacture up to 80M iPhone 6 Units by December 30
Apple Asks Suppliers to Manufacture up to 80M iPhone 6 Units by December 30
Apple is reportedly asking its suppliers to gear up for company's biggest initial production run of iPhones. Apple ordered suppliers to manufacture up to 80 million units of both iPhone 6 versions with 4.7-inch and 5.5-inch screen displays by the end of this year.
 
 
Leaked Windows 9 Screenshots Show New Start Menu with &#039;Metro-style&#039; Apps
Leaked Windows 9 Screenshots Show New Start Menu with 'Metro-style' Apps
Microsoft's next generation Windows 9 leaked screenshots again revealed the new Start Menu but with different types of "Metro-style" apps pinned to the menu.
 
 
Apple MacBook Air TV Ad features Stickers
Apple MacBook Air TV Ad features Stickers
Apple released a new cool MacBook Air TV ad. Watch below.
 
 
Aaron Rodgers Takes Charge in Green Bay Packers Offense
Aaron Rodgers Takes Charge in Green Bay Packers Offense
With a rejuvenated Aaron Rodgers orchestrating the offense, the Green Bay Packers have high expectations for the upcoming 2014 NFL season.
 
 
 

About the Geek Mind


Read more about The Geek Mind.