Submitted via IRC for AnonymousLuser
New attack creates ghost taps on modern Android smartphones
Modern Android smartphones are susceptible to a new type of attack named "Tap 'n Ghost" that can induce fake finger taps to take unwanted actions.
The attack exploits flaws at both the software and hardware level and has been proven to work even against the most recent smartphone models.
It works against most NFC-enabled smartphones with capacitive touchscreens -- which is the most common smartphone touchscreen technology today.
The Tap 'n Ghost attack -- discovered and documented by three academics from the Waseda University in Tokyo -- works using an attack rig that consists of a 5mm thick copper sheet connected to a DDS signal generator, a high-voltage transformer, a battery pack, NFC readers/writers, and a small computer (laptop, Raspberry Pi).
This rig might look bulky, but the research team says it can be embedded inside regular tables, coffee tables, or any other furniture object on which a victim might place their smartphone.
The attack itself consists of two steps. Once a user has placed their smartphone near the attack rig to be in the smartphone's NFC range (of 4 to 10cm), the NFC readers/writers can get basic info about a device and trigger one of three actions.
It can make the user's smartphone open and access a specific URL (doesn't require any interaction), it can ask the smartphone to pair a rogue Bluetooth device (requires interaction), or it can ask the user to connect to a malicious WiFi network (requires interaction).
This works because, by default, Android devices always look for nearby NFC transmissions, at all times.
At this point, the attack moves in the second phase where the attacker can use the copper plate to induce electrical disturbances into the touchscreen.
Because capacitive touchscreens are a collection of electrodes that exchange small currents between each other during a touch interaction, the extra induced noise can cause ghost taps on the screen, either on a vertical or horizontal axis.
These fake taps can be used to hijack a user's original tap on a "No" button and apply it on the "Yes" one, allowing the smartphone to connect to a rogue WiFi network, or approve a malicious Bluetooth connection.
The Waseda research team says it tested the Ghost 'n Tap attack on seven smartphone models and were successful on five.
(Score: -1, Troll) by Anonymous Coward on Thursday June 13 2019, @10:21AM
I am looking forward for Huawei devices not using Android.
(Score: 2, Informative) by Quicksilver on Thursday June 13 2019, @10:44AM
Then this attack works out to "If you have physical access then all bets are off."
(Score: 2) by EJ on Thursday June 13 2019, @01:19PM (8 children)
Who does that? Do people actually lay their phones on a table to use them? If I'm tapping on my screen, the phone is in my hand. If my phone is on a table, it's because I've very temporarily laid it down.
If I'm eating in a restaurant or doing something else where I won't be holding my phone for a long period of time, then my phone is in my pocket.
I don't understand these strange people who toss their phones on a table, then leave them there.
(Score: 3, Funny) by Rupert Pupnick on Thursday June 13 2019, @01:40PM (3 children)
Phones and car keys on the table or bar = status signaling.
I signal status by wearing these items either in my pocket protector, or on my belt. ;)
(Score: 2) by bob_super on Thursday June 13 2019, @05:09PM (2 children)
> Phones and car keys on the table or bar = status signaling.
"My pockets are too small, I must be a fashion victim"
or
"I came to this place, but I can't disconnect from my 'friends' who are not here and more important"
Useful signal, really.
Seriously, car keys are status ? Are you from rural Zimbabwe ?
(Score: 2) by Rupert Pupnick on Thursday June 13 2019, @05:51PM (1 child)
Haha, no, the Northeastern Megalopolis. I should have said key rings with bling. You know, a key chain with some bauble on it, emblazoned with a high end automobile logo.
(Score: 0) by Anonymous Coward on Friday June 14 2019, @01:51AM
In my experience, the ladies just aren't impressed with the Nissan logo on my key fob; it goes with my beige 4-door sedan. Just so you know.
(Score: 0) by Anonymous Coward on Thursday June 13 2019, @05:14PM
I’m reading SN at a restaurant right now with my phone flat on the table.
(Score: 0) by Anonymous Coward on Thursday June 13 2019, @07:14PM (2 children)
From TFS:
10cm = ~4 inches. How far is your phone from tables/chairs when you sit down?
(Score: 2) by EJ on Thursday June 13 2019, @10:45PM (1 child)
I keep NFC turned off on my phone all the time, so I guess it really doesn't matter.
(Score: 0) by Anonymous Coward on Friday June 14 2019, @01:15AM
Obviously, since you're the only person on the planet with an Android phone.
What was I thinking?
(Score: 2) by DannyB on Thursday June 13 2019, @01:52PM (1 child)
I would rather have Tap Ghosts than Ghost Taps.
The lower I set my standards the more accomplishments I have.
(Score: 2) by bob_super on Thursday June 13 2019, @05:04PM
If you're in a shady bar, watch that ghost, it's a trap !
(Score: 3, Insightful) by Anonymous Coward on Thursday June 13 2019, @05:37PM
Well then, maybe you shouldn't be dumb and have NFC turned on.
(Score: 3, Funny) by EvilJim on Thursday June 13 2019, @08:27PM
my work supplied meizu m5c already does ghost taps without the bulky rig and expense, and it does it anywhere - I cant imagine having to put it down on a table to have this happen.