Trustwave Demonstrates Malware Records Touchscreen Swipes To Record Your PIN

Jan 28 2014, 2:18am CST

Neal Hindocha, a senior security consultant for Trustwave, has built proof-of-concept ‘screenlogging’ malware that monitors finger swipes on smart devices in combination with taking screenshots, painting a picture of exactly how the user is interacting with their phone or tablet.

Hindocha’s concept malware logs the X and Y coordinates of any swipe or touch. Speaking with Forbes, Hindocha says it wasn’t much hassle to get the code running on jailbroken iOS and rooted Android devices, and that it’s possible to get it working on regular Android smartphones, provided they are plugged into a PC – for example, while charging by USB.

Trustwave was examining financial malware on the Windows platform and wanted to see if similar methods could be applied to mobile. Keylogging has been a typical component for financial Windows malware, and there are apps that already log keyboard inputs on smart devices. But Hindocha says the finance industry is moving away from using typical keyboard inputs, whether it is with a PIN code or another kind of password.

Recording touch screen coordinates “has a certain value in itself,” Hindocha says. “If you’re monitoring all touch events and the phone hasn’t been touched for at least one hour, then you get a minimum of four touch events, you can assume that is a PIN code being entered.”

“The more interesting thing is, if you get a screenshot and then overlay the touch events, you’re looking at a screenshot of what the user is seeing, combined with dots, sequentially, where the user is touching the screen.”

The end result, Hindocha explains, is that it doesn’t matter how a user inputs the information: all of it is going to be captured.

It’s also possible to figure out where on the device the user is at a given time – you can set the code to take screenshots only when a user is in an app rather than on the home screen to avoid racking up a lot of disk space.

This kind of attack is probably not something most users will have to worry about. Running malware like this on an industrial scale would be labor intensive, as it’s difficult to automate or search through images for relevant information.

From a social engineering perspective, though, it could have its uses.

“It’s more likely this could be used against specific users or companies,” Hindocha says. “Targeted attacks are likely vectors.”

Hindocha hopes that by demonstrating his concept at the upcoming RSA Security conference, he will help make app developers and companies with high security requirements understand the importance of issues that, if ignored, could potentially leave people or businesses wide open.

Source: Forbes

 
