Credit: CC0 Public Domain
Touch screens on mobile devices can be attacked and manipulated via charging cables and power supply units. This is what researchers at the System Security Lab at TU Darmstadt have discovered together with a Chinese research team. Several smartphones and standalone touchscreen panels could be compromised in practical tests by simulated touches, the "ghost touches." The results were presented at this year's IEEE Symposium on Security and Privacy.
The researchers from TU Darmstadt and Zhejiang University in Hangzhou carried out attacks on capacitive touchscreens via charging cables and power adapters, revealing a new way to attack mobile devices. Similar to their previous research project, "GhostTouch," the researchers were able to create false touches, called "Ghost Touches," on multiple touchscreens and manipulate the device via them.
The international research team had to overcome two main challenges. The first was to affect the capacitive touchscreens via a charging-only cable without damaging the hardware. Electronic devices are usually equipped with resistive filters in the circuits to ensure a stable power supply. It was necessary to design an attack that would work even if users were using a charging-only cable without a data channel, which is typically used in public spaces for privacy and security reasons. Second, the touch points had to be specifically controlled in order to manipulate the device. This was necessary so that—for example—malicious Bluetooth connections could be established, users could be tapped by a phone call, or malware could be received.
In the test setup, a compromised public charging station was assumed to be the starting point of the attack. A manipulated USB char ..
Support the originator by clicking the read the rest link below.
