Home page logo

isn logo Information Security News mailing list archives

Trustwave Demonstrates Malware That Logs Touchscreen Swipes To Record Your PIN
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 29 Jan 2014 09:37:11 +0000 (UTC)


By Tamlin Magee

Neal Hindocha, a senior security consultant for Trustwave, has built proof-of-concept 'screenlogging' malware that monitors finger swipes on smart devices in combination with taking screenshots, painting a picture of exactly how the user is interacting with their phone or tablet.

Hindocha’s concept malware logs the X and Y coordinates of any swipe or touch. Speaking with Forbes, Hincocha says it wasn’t much hassle to get the code running on jailbroken iOS and rooted Android devices, and that it’s possible to get it working on regular Android smartphones, provided they are plugged into a PC -- for example, while charging by USB.

Trustwave was examining financial malware on the Windows platform and wanted to see if similar methods could be applied to mobile. Keylogging has been a typical component for financial Windows malware, and there are apps that already log keyboard inputs on smart devices. But Hindocha says the finance industry is moving away from using typical keyboard inputs, whether it is with a PIN code or another kind of password.

Recording touch screen coordinates "has a certain value in itself," Hindocha says. "If you're monitoring all touch events and the phone hasn't been touched for at least one hour, then you get a minimum of four touch events, you can assume that is a PIN code being entered."


Subscribe to InfoSec News

  By Date           By Thread  

Current thread:
  • Trustwave Demonstrates Malware That Logs Touchscreen Swipes To Record Your PIN InfoSec News (Jan 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]