Security News > 2022 > May > Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely

GhostTouch, as it's called, "Uses electromagnetic interference to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt said in a new research paper.

The core idea is to take advantage of the electromagnetic signals to inject fake touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device.

The attack, which works from a distance of up to 40mm, hinges on the fact that capacitive touchscreens are sensitive to EMI, leveraging it to inject electromagnetic signals into transparent electrodes that are built into the touchscreen so as to register them as touch events.

The experimental setup involves an electrostatic gun to generate a strong pulse signal that's then sent to an antenna to transmit an electromagnetic field to the phone's touchscreen, thereby causing the electrodes - which act as antennas themselves - to pick up the EMI. This can be further fine-tuned by tweaking the signal and the antenna to induce a variety of touch behaviors, such as press and hold and swipe to select, depending on the device model targeted.

To counteract the threat, the researchers recommend adding electromagnetic shielding to block EMI, improving the detection algorithm of the touchscreen, and prompting users to enter the phone's PIN or verify their faces or fingerprints prior to executing high-risk actions.

"GhostTouch controls and shapes the near-field electromagnetic signal, and injects touch events into the targeted area on the touchscreen, without the need for physical touch or access to the victim's device," the researchers said.

News URL

https://thehackernews.com/2022/05/attackers-can-use-electromagnetic.html