Information Security News
mailing list archives
Trustwave Demonstrates Malware That Logs Touchscreen Swipes To Record Your PIN
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 29 Jan 2014 09:37:11 +0000 (UTC)
By Tamlin Magee
Neal Hindocha, a senior security consultant for Trustwave, has built
proof-of-concept 'screenlogging' malware that monitors finger swipes on
smart devices in combination with taking screenshots, painting a picture
of exactly how the user is interacting with their phone or tablet.
Hindocha’s concept malware logs the X and Y coordinates of any swipe or
touch. Speaking with Forbes, Hindocha says it wasn’t much hassle to get
the code running on jailbroken iOS and rooted Android devices, and that
it’s possible to get it working on regular Android smartphones, provided
they are plugged into a PC -- for example, while charging by USB.
Trustwave was examining financial malware on the Windows platform and
wanted to see if similar methods could be applied to mobile. Keylogging
has been a typical component for financial Windows malware, and there are
apps that already log keyboard inputs on smart devices. But Hindocha says
the finance industry is moving away from using typical keyboard inputs,
whether it is with a PIN code or another kind of password.
Recording touch screen coordinates "has a certain value in itself,"
Hindocha says. "If you're monitoring all touch events and the phone hasn't
been touched for at least one hour, then you get a minimum of four touch
events, you can assume that is a PIN code being entered."