Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

New Attack Targets the Touchscreen of Smartphones, Researchers Reveal

A group of researchers has devised a new proof-of-concept attack that targets the touchscreen of Near-Field Communication (NFC)-enabled mobile devices such as smartphones and allows remote control of the devices. 

A group of researchers has devised a new proof-of-concept attack that targets the touchscreen of Near-Field Communication (NFC)-enabled mobile devices such as smartphones and allows remote control of the devices. 

Dubbed Tap ’n Ghost, the attack is comprised of two attack techniques, namely Tag-based Adaptive Ploy (TAP), which relies on device fingerprinting for a tailored attack on the victim device, and Ghost Touch Generator, which can alter the selection of a button on a touchscreen. 

Thus, by using an NFC card emulator, an attacker could use the TAP system to prompt the victim to accept on their smartphone a connection to a Bluetooth-enabled mouse, and could make sure the connection is accepted even if the victim touches the “Cancel” button. 

“After the connection is established, the attacker can remotely take control of the smartphone, with the knowledge about the layout of the screen derived from the device fingerprinting,” researchers from the Waseda University, Japan, explain in a whitepaper. 

TAP, which consists of a processor, a communication interface, such as Wi-Fi, and an NFC-tag emulator, can induce a victim device to perform low-risk actions, such as following a link. 

To perform high-risk actions, such as the pairing with another device, the researchers developed a technique they refer to as Ghost Touch Generator, which can trick the device into sensing “ghost touch events” by injecting intentional noise signals externally, through producing large alternating voltages at a specific frequency.  

Exploiting the NFC implementation of the Android OS version 4.1 or later, the attack targets the mutual capacitive controllers in smartphones, which consist of a grid of transmitter and receiver electrodes and which detect touches by measuring electric current changes between transmitters and receivers.

The research model assumes that an actor has embedded elements used in the attack in a common object such as a table, that they can trigger a specific action from the smartphone when reading an NFC tag, and that they can deceive the user by displaying a notification containing a misleading message. 

Thus, the attacker can place the malicious table in a specific location, and the TAP device begins the attack as soon as the victim’s smartphone is within range. Once the pop-up is displayed on the screen and the victim attempts to cancel the action, the Ghost Touch Generator attack is triggered to alter the election of the buttons.

“After succeeding the compilation of attacks described above, an attacker can employ the further attacks. For instance, the victim’s smartphone will be forced to pair with the Blue-tooth mouse emulated by the Malicious Table. The attacker can fully take control of the smartphone; for instance, the attacker can install any apps remotely, using a paired Bluetooth mouse,” the researchers say. 

The researchers, who also published videos to demonstrate how the attack works, say that they also performed a user study and an online survey, which allowed them to conclude that the threat caused by the attack is realistic. 

Related: Attackers Could Use Mobile Device Sensors to Generate Unique Device Fingerprint

Related: Researchers Create PoC Malware for Hacking Smart Buildings

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...