Smartphone Hackers Can Get Data by Analyzing Touchscreen User Interactions

A team of cybersecurity researchers at Ben-Gurion University of the Negev (BGU) has demonstrated that valuable user information can be exfiltrated by tracking smartphone touch movements to impersonate a user on compromised, third party touchscreens while sending emails, conducting financial transactions or even playing games.

Broken smartphone touchscreens are often replaced with aftermarket components produced by third-party manufacturers that have been found to have malicious code embedded in its circuitry.

"Our research objective was to use machine learning to determine the amount of high-level context information the attacker can derive by observing and predicting the user’s touchscreen interactions," says Dr. Yossi Oren, a researcher in the BGU Department of Software and Information Systems Engineering. "If an attacker can understand the context of certain events, he can use the information to create a more effective customized attack.”

For example, a hacker can learn when to steal user information or how to hijack the phone by inserting malicious touches. The researchers recorded 160 touch interaction sessions from users running many different applications to quantify the amount of high level context information. Using a series of questions and games, the researchers employed machine learning to determine stroke velocity, duration and stroke intervals on specially modified LG Nexus Android phones.

According to the researchers, the machine learning results demonstrated an accuracy rate of 92 percent.

"Now that we have validated the ability to obtain high level context information based on touch events alone, we recognize that touch injection attacks are a more significant potential threat," Dr. Oren says. "Using this analysis defensively, we can also stop attacks by identifying anomalies in a user's typical phone use and deter unauthorized or malicious phone use."

Dr. Oren presented the findings at the Second International Symposium on Cybersecurity, Cryptography and Machine Learning (CSCML) June 21-22 in Beer-Sheva, Israel. The findings were published by Springer in the Lecture Notes on Computer Science. The team of researchers includes BGU undergraduate students Moran Azaran, Niv Ben-Shabat, and Tal Shkonik.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.