According to information security services specialists, most of the Android smartphones currently available are exposed to a new attack variant known as “Tap ‘n Ghost”, through which hackers can perform fake taps on the screen of a smartphone to deploy malicious activities.
This attack variant exploits hardware and software-level flaws and has proven feasible even in the newer models of Android smartphones. According to the experts, the attack works on most devices enabled for Near Field Communication (NFC) technology.
To concretize the attack, the information security services specialists resorted to the use of some elements such as:
- A 5mm thick copper sheet connected to a DDS signal generator
- A high voltage transformer
- A battery pack
- NFC readers/writers
- A small laptop
These elements make up a platform in which the smartphone must be placed to carry out the attack.
Roughly speaking, the attack consists of two steps; when the smartphone has been placed on the attack platform, NFC readers will be able to get basic information about the device and trigger one of three actions:
- The smartphone could access a specific URL without the need for users’ interaction
- The smartphone could display a pairing request with a malicious Bluetooth device; this requires user interaction
- The smartphone could display a connection request to a compromised WiFi network; it also requires user interaction
According to the information security services specialists this is possible because most Android devices are permanently looking for NFC signals. After performing one of the three previous actions, the attack enters its second phase, in which the hacker will be able to use the copper sheet to generate electrical anomalies on the device’s touchscreen.
The touchscreen of a smartphone is composed of electrodes that exchange small currents with each other when the device is in use. Adding additional loads generates what the experts called “ghost taps” that the screen can interpret as a user’s interaction. Hackers could use these fake interactions to approve requests like those mentioned above, leaving the targeted smartphone fully exposed.
Nevertheless, there is always good news. According to the experts from the International Institute of Cyber Security (IICS) not all smartphones are exposed to this attack for various reasons. For example, it is necessary for the user to put their device on the attack platform or at a very close distance, it is also necessary to hide the platform (disguising it as a table, for example). In addition, smartphone’s touchscreen technology varies with the manufacturer and model, requiring specific configurations for each smartphone, greatly reducing the potential range of the attack.