Are you using a pattern lock for your Smartphone to remain untouched from cyber criminals? But you are not aware that even your swipe gestures can be analyzed by hackers.
Neal Hindocha, a security adviser for the technology company Trustwave, has developed a prototype malware for the Smartphones that works the same as a keylogger software for desktop.
The malware dubbed as ‘Screenlogging’, is capable of monitoring finger swipes on the screen of your smart devices in combination with taking screenshots to know exactly how the user is interacting with their phone or tablet, reported by Forbes.
The concept used by him is the same that of Keyloggers, a critical type of malware for cyber criminals, which records the input typed into the keyboard and can easily detect passwords for email, social media and of online bank accounts. In the same way the ‘Screenlogger’ take care of the inputs taped and swiped on the screen. It logs the X and Y coordinates where the user has touched the screen, so a hacker would know what the user is doing and on which application.
Hindocha says, “If you’re monitoring all touch events and the phone hasn’t been touched for at least one hour, then you get a minimum of four touch events, you can assume that is a PIN code being entered.”
He also added that “The more interesting thing is, if you get a screenshot and then overlay the touch events, you’re looking at a screenshot of what the user is seeing, combined with dots, sequentially, where the user is touching the screen.”
But the demonstration of Hindocha works only with the administrative privileges of the device i.e. On the jailbroken iOS and the rooted Android devices only. In order to install the malware, the device should be connected to a computer via USB cable. But this limitation don't mean to relax, because there are many similar vectors available to infect the device.
It would be estimated that the malicious version of the Proof-of-Concept app created by Hindocha, which is capable of tracking taps and swipes of the users’ Smartphone, a malicious hacker might be able to steal PINs, account numbers, passwords and other sensitive information easily.
Hindocha is planning to demonstrate his ‘Screenlogging’ malware at the upcoming RSA Security conference next month.