Tuesday, April 24, 2012

New Android Trojan Horse Alert

We have a fond love for the internet. It’s a place where we can keep up with the latest trends, whether it’s the news, sports, the weather, our social media or any other area of interest. Not only are we online at home or in the office, but with our smartphones and tablets we can be online at virtually any time. That also leaves our private data more exposed to being hacked or stolen, and the ways in which it is compromised can sometimes be surprising.

This new Trojan determines keystrokes from the phone's vibration and movement. It’s the latest ingenious method of parting a device and its data from the user. The culprit is a new Trojan horse program created by security researchers at Pennsylvania State University. Naturally, it targets the world’s most popular mobile operating system. It takes advantage of one of the flaws in Google's Android mobile operating system that lets background apps monitor the device's sensors, such as the accelerometer, which detects movement and orientation.

The malicious app, which it should be noted is not in the wild, first establishes a pattern by getting the user to enter numbers on a keypad within the app, and it logs the vibration patterns created by tapping on different numbers. Then, when the user enters passwords or card data elsewhere, the app continues to listen to those vibrations and matches them to different numbers. I would encourage smartphone users to keep their files encrypted with a password, although users are not always safe with this precaution either. Hackers have continued to find security vulnerabilities within Android.

This app, which has been named TapLogger, was described at a conference as a proof of concept by Zhi Xu, a graduate student at PSU, and two other researchers. Google has not responded to questions regarding the vulnerability. Google has emphasized that it is always actively policing the app store for apps that, like this one, abuse the permissions that they are given by users.
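To see why an unrestricted background sensor stream is a problem, the following added example (not TapLogger's code and not from the researchers) simulates the training and matching phases described above on constructed data, then measures how much the leak shrinks when readings are coarsened. The key-to-tilt model, the noise level, the nearest-centroid matching and the quantization step are all assumptions made for illustration.

```python
import random

# Constructed model (assumption): each keypad digit tilts the phone by an
# amount tied to its key position (column, row), plus hand/sensor noise.
KEY_POS = {"1": (-1, 1.5), "2": (0, 1.5), "3": (1, 1.5),
           "4": (-1, 0.5), "5": (0, 0.5), "6": (1, 0.5),
           "7": (-1, -0.5), "8": (0, -0.5), "9": (1, -0.5),
           "0": (0, -1.5)}
NOISE = 0.15


def tap_reading(digit, rng, step=None):
    """Simulated accelerometer reading for one tap; `step` coarsens it."""
    x, y = (p + rng.gauss(0, NOISE) for p in KEY_POS[digit])
    if step:  # hypothetical mitigation: quantize what background apps see
        x, y = round(x / step) * step, round(y / step) * step
    return x, y


def train(rng, step=None, samples=20):
    """Training phase: average the readings logged for each known digit."""
    centroids = {}
    for d in KEY_POS:
        pts = [tap_reading(d, rng, step) for _ in range(samples)]
        centroids[d] = (sum(p[0] for p in pts) / samples,
                        sum(p[1] for p in pts) / samples)
    return centroids


def classify(reading, centroids):
    """Matching phase: pick the digit whose centroid is closest."""
    return min(centroids, key=lambda d: (reading[0] - centroids[d][0]) ** 2
                                        + (reading[1] - centroids[d][1]) ** 2)


def leak_rate(step=None, trials=500, seed=1):
    """Fraction of taps a background listener would label correctly."""
    rng = random.Random(seed)
    centroids = train(rng, step)
    digits = [rng.choice("0123456789") for _ in range(trials)]
    hits = sum(classify(tap_reading(d, rng, step), centroids) == d
               for d in digits)
    return hits / trials


if __name__ == "__main__":
    print("full-precision stream:", leak_rate())
    print("coarsened stream     :", leak_rate(step=4.0))
```

With full-precision readings almost every simulated tap is labelled correctly; once the stream is coarsened past the tilt a tap produces, the listener does no better than guessing one digit.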



