By Christopher Intagliata
Used to be if spies wanted to eavesdrop, they planted a bug. These days, it's much easier. Because we all carry potential bugs in our pockets—smartphones. One team of researchers used an iPhone to track typing on a nearby computer keyboard with up to 80 percent accuracy. They presented the findings at a computer security conference in Chicago. [Philip Marquardt et al, (sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers, 18th ACM Conference on Computer and Communications Security]
The researchers designed a malicious app for the iPhone 4. When you place the phone near a keyboard, it exploits accelerometer and gyroscope data to sense vibrations as the victim types—detecting whether keystrokes come from the left or right side of the keyboard, and how near or far subsequent keys are from each other. Then, using that seismic fingerprint, the app checks a pre-created "vibrational" dictionary for the most likely words—a technique that works reliably on words of three letters or more.
Of course, you'd need to install the app to allow it to spy. But whereas most apps have to ask permission to access location data or the camera, that's not so for the accelerometer. This kind of attack may offer good reason to limit accelerometer access too—and keep iPhones from becoming "spiPhones."