How To Hack A Smartphone With A Business Card Using Gyroscope Signals

How To Hack A Smartphone With A Business Card Using Gyroscope Signals

This $3 Gadget Stuck On Your Business Card Can Turn Your iPhone or Android Smartphone Into A Spyphone

Using a peculiar feature in your iPhone or Android smartphone’s gyroscope, security researchers from Israel’s Ben Gurion University can exfiltrate vital data without your knowledge. The researchers have developed a small gadget which is pretty unnoticeable and can be used to spy on you through your iPhone or Android smartphones gyroscope.

spyphone

The security researchers from Israel’s Ben Gurion University,   Benyamin Farshteindiker, Nir Hasidim, Asaf Grosz and Yossi Oren from the Faculty of Engineering Sciences, have authored a research paper detailing such a gadget. In a paper released today, the security researchers noted a novel, silent and cheap method for transmitting data, such as sound recordings or location data of a target, to a spy’s server, and proof that gyroscopes remain a nice target for advanced hackers. The researchers used the peculiar feature in gyroscopes which was first discovered by Son Y. Shing and others.

One of the researchers, Yossi Oren told Forbes that the $3 gadget is so small that it can be stuck in a business card or even a sticker on your PC/smartphone to escape notice. The $3 gadget will use audio signal to force a phone or tablet gyroscope to vibrate at its resonant frequency.

Samsung data theft Ben Gurion University attack

Once the phone is able to home into the frequency, it would be registered by code running on the target’s phone – most likely within an innocent-looking web page – that queries the gyroscope as quickly as possible, uploading its reading to a server.

Once the gadget is activated, it can start recording audio and location details. It can also transmit this information at a fast rate by just activating and deactivating the gyroscope. The website code would accept those bits and turn them into something useful, like the latitude and longitude of the unsuspecting victim.

READ  Top ten operating systems for ethical hackers and security researchers

The security researchers from Ben Gurion University used a an iPhone 5S, a Samsung Galaxy S5 and a Microsoft Surface Pro 3 tablet in their research paper and PoC. They were successful in tapping into the target device and received the audio signal from the implant device, the state of the gyroscope was collected and sent to an external server by JavaScript code running on a web page.

The researchers have also developed a Android App for doing the same.

Source: TechWorm

Facebooktwittergoogle_plusredditpinterestlinkedinmail
Facebooktwittergoogle_pluslinkedinrssyoutube

COMMENTS