Researchers say they have found a way to use a hidden antenna array that emanates an electromagnetic field to tap and swipe on a phone remotely. They compare the technique to having an “invisible finger” control your phone’s touchscreen.
The researchers performed various tests of their technique. In one of them, which can be seen on YouTube, they put a contraption made of an antenna array, a screen locator, and an injection detector in a cardboard box placed under a table. When they placed an iPad on top of the box, their contraption was able to detect the type of device that was placed on top of it and its orientation. The researchers said they were then able to send electromagnetic pulses to the iPad’s touchscreen simulating a touch.
In this scenario, an attacker could use a Wi-Fi or cellular connection to remotely connect to the antenna and interact with the phone, Haoqi Shan, one of the University of Florida researchers who developed the attack, told Motherboard in a call.
The technique, technically known as an “Intentional Electromagnetic Interference (IEMI) attack,” was presented in May at the academic conference IEEE Symposium on Security and Privacy. The researchers are also giving a talk at the cybersecurity conference Black Hat in Las Vegas on Wednesday. The researchers shared the academic paper where they detailed this attack with Motherboard.
This attack is possible because most modern touchscreens work by using electrodes placed underneath the screen to detect the small electrical charge released by a finger when it comes into contact with the screen, Shuo Wang, a professor of electronics at the University of Florida who worked on the research, told Motherboard.
Introducing what Shan defined as a “simple false touch” on the screen is relatively easy; the hard part was figuring out how to send the false touch to the exact place on the screen where the attacker wants to tap. To do that, Shan said he and his colleagues had to do mathematical calculations and analyze the sensing mechanisms of different touchscreens from popular devices like the iPhone, iPad, and Android phones.
It’s important to note that the attack has a few key limitations. Firstly, the hackers need to know the target’s phone passcode, or launch the attack while the phone is unlocked. Secondly, the victim needs to put the phone face down, otherwise the battery and motherboard will block the electromagnetic signal. Thirdly, the antenna array has to be no more than four centimeters (around 1.5 inches) away. For all these reasons, the researchers themselves admit that the “invisible finger” technique is a proof of concept that at this point is far from being a threat outside of a university lab.
“Regular people, they don't really need to worry too much about this type of attack,” Shan told Motherboard in a phone call.