Tomer Glick, Yossi Oren, Rami Puzis, Asaf Shabtai
SEMS (2017)
Security-conscious users are very careful with softwarethey allow their phone to run. They are much lesscareful with the choices they make regarding accessories suchas headphones or chargers and only few, if any, care aboutcyber security threats coming from the phone’s protectivecase. We show how a malicious smartphone protective casecan be used to detect and monitor the victim’s interactionwith the phone’s touchscreen, opening the door to keyloggerlikeattacks, threatening the user’s security and privacy. Thisfeat is achieved by implementing a hidden capacitive sensingmechanism inside the case. Our attack is both sensitive enoughto track the user’s finger location across the screen, andsimple and cheap enough to be mass-produced and deployed enmasse. We discuss the theoretical principles behind this attack,present a preliminary proof-of-concept, and discuss potentialcountermeasures and mitigations.