Latest News: Technology |  Celebrity |  Movies |  Apple |  Cars |  Business |  Sports |  TV Shows |  Geek

Trending

Filed under: News | Technology News

 

Trustwave Demonstrates Malware Records Touchscreen Swipes To Record Your PIN

Jan 28 2014, 2:18am CST | by

1 Updates
Trustwave Demonstrates Malware Records Touchscreen Swipes To Record Your PIN
 
 

YouTube Videos Comments

Recommend Your Tweet as Top Tweet:

Full Story

Trustwave Demonstrates Malware Records Touchscreen Swipes To Record Your PIN

Neal Hindocha, a senior security consultant for Trustwave , has built proof-of-concept ‘screenlogging’ malware that monitors finger swipes on smart devices in combination with taking screenshots, painting a picture of exactly how the user is interacting with their phone or tablet.

Hindocha’s concept malware logs the X and Y coordinates of any swipe or touch. Speaking with Forbes, Hincocha says it wasn’t much hassle to get the code running on jailbroken iOS and rooted Android devices, and that it’s possible to get it working on regular Android smartphones, provided they are plugged into a PC – for example, while charging by USB.

Trustwave was examining financial malware on the Windows platform and wanted to see if similar methods could be applied to mobile. Keylogging has been a typical component for financial Windows malware, and there are apps that already log keyboard inputs on smart devices. But Hindocha says the finance industry is moving away from using typical keyboard inputs, whether it is with a PIN code or another kind of password.

Recording touch screen coordinates “has a certain value in itself,” Hindocha says. “If you’re monitoring all touch events and the phone hasn’t been touched for at least one hour, then you get a minimum of four touch events, you can assume that is a PIN code being entered.”

“The more interesting thing is, if you get a screenshot and then overlay the touch events, you’re looking at a screenshot of what the user is seeing, combined with dots, sequentially, where the user is touching the screen.”

The end result, Hindocha explains, is that it doesn’t matter how a user inputs the information: all of it is going to be captured.

It’s also possible to figure out where on the device the user is at a given time – you can set the code to take screenshots only when a user is in an app rather than on the home screen to avoid racking up a lot of disk space.

This kind of attack is probably not something most users will have to worry about. Running malware like this on an industrial scale would be labor intensive, as it’s difficult to automate or search through images for relevant information.

From a social engineering perspective, though, it could have its uses.

“It’s more likely this could be used against specific users or companies,” Hindocha says. “Targeted attacks are likely vectors.”

Hindocha hopes that by demonstrating his concept at the upcoming RSA Security conference , he will help make app developers and companies with high security requirements understand the importance of issues that, if ignored, could potentially leave people or businesses wide open.

Source: Forbes

 

You Might Also Like

Updates


Sponsored Update


Advertisement


More From the Web

Shopping Deals

 
 
 

<a href="/latest_stories/all/all/31" rel="author">Forbes</a>
Forbes is among the most trusted resources for the world's business and investment leaders, providing them the uncompromising commentary, concise analysis, relevant tools and real-time reporting they need to succeed at work, profit from investing and have fun with the rewards of winning.

 

 

Comments

blog comments powered by Disqus

Latest stories

Andre Johnson Being Eyed By 4 Teams
Andre Johnson Being Eyed By 4 Teams
Four teams are said to be interested in trading for Houston Texans wide receiver Andre Johnson, per NFL.com.
 
 
Michael Irvin's Wife Told By Cris Carter to Leave Him
Michael Irvin's Wife Told By Cris Carter to Leave Him
Hall of Fame Dallas Cowboys wide receiver Michael Irvin revealed in a recent Dan Le Batard that fellow Hall of Fame wide receiver Cris Carter told his wife to leave him at the height of his cocaine addiction.
 
 
iPhone 6 Will Feature Dynamic Haptic Feedback Technology
iPhone 6 Will Feature Dynamic Haptic Feedback Technology
Every touch is now going to get a vibration in your next gen iPhone
 
 
Apple Starts Receiving New Processors For iPhone 6 From TSMC
Apple Starts Receiving New Processors For iPhone 6 From TSMC
Apple no longer dependent upon Samsung