Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely

Summary:

Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens." GhostTouch, as it is called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it," a group of academics from Zhejiang University and Technical University of Darmstadt said in a new research paper. The core idea is to take advantage of the electromagnetic signals to execute basic touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device. The attack, which works from a distance of up to 40mm, hinges on the fact that capacitive touchscreens are sensitive to EMI, leveraging it to inject electromagnetic signals into transparent electrodes that are built into the touchscreen so as to register them as touch events. The experimental setup involves an electrostatic gun to generate a strong pulse signal that is then sent to an antenna to transmit an electromagnetic field to the phone's touchscreen, thereby causing the electrodes — which act as antennas themselves — to pick up the EMI.

Additional Discussion:

As many as nine different smartphone models have been found vulnerable to GhostTouch, including Galaxy A10s, Huawei P30 Lite, Honor View 10, Galaxy S20 FE 5G, Nexus 5X, Redmi Note 9S, Nokia 7.2, Redmi 8, and an iPhone SE (2020), the latter of which was used to establish a malicious Bluetooth connection.

To counteract the threat, the researchers recommend adding electromagnetic shielding to block EMI, improving the detection algorithm of the touchscreen, and prompting users to enter the phone's PIN or verify their faces or fingerprints prior to executing high-risk actions.

Link

https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai