Remote control of touch screens – the new cyberattack

As explained in an article published on the website thehackernews.com, researchers have demonstrated what they call the first active contactless attack against all types of touch screens.

According to a new research paper by a group of academics from Zhejiang University and the Technical University of Darmstadt, GhostTouch uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it.

The basic idea is to harness electromagnetic signals to execute basic touch events, such as taps and swipes, at specific locations on the touch screen, with the goal of remotely taking control of and manipulating the underlying device.

The attack, which works from a distance of up to 40 mm, relies on the fact that touch screens are sensitive to EMI: electromagnetic signals are injected into the transparent electrodes built into the touch screen, which registers them as touch events.

The experimental setup involves an electrostatic gun that generates a pulse signal, which is then sent to an antenna that transmits an electromagnetic field onto the phone’s touch screen. The screen’s electrodes, acting as antennas, pick up the EMI.

This can be further adjusted by selecting the signal and antenna to induce a variety of touch behaviours, such as press and hold and swipe to select, depending on the device model.

In a real-world scenario, this could occur in a variety of ways, such as swiping up to unlock a phone, connecting to a Wi-Fi network, stealthily clicking on a malicious link containing malware, and even answering a phone call on the victim’s mobile phone.

In places such as a cafe, library, meeting room or conference lobbies, people should put the smartphone face down on the table, the researchers explained. However, an attacker can embed the attack equipment under the table and launch attacks remotely.

Up to nine different smartphone models have been found vulnerable to GhostTouch: Galaxy A10s, Huawei P30 Lite, Honor View 10, Galaxy S20 FE 5G, Nexus 5X, Redmi Note 9S, Nokia 7.2, Redmi 8 and an iPhone SE (2020), the last of which was used to establish a malicious Bluetooth connection.

To counter the threat, the researchers recommend adding electromagnetic shielding to block EMI, improving the touchscreen detection algorithm, and asking users to enter the phone’s PIN or verify their faces or fingerprints before carrying out high-risk actions.

GhostTouch controls and shapes the near-field electromagnetic signal and injects touch events into the targeted area of the touchscreen without the need to physically touch or access the victim’s device, researchers explain.
