Researchers have identified a new sort of attack that they have given the name “Ghost Touch.” This new form of attack may access the screen of your mobile device without even requiring you to touch it.
It would seem that those who commit crimes online are constantly able to one-up themselves and surprise everyone with innovative new strategies. You are already familiar with methods such as phishing, frauds, and the use of malware to infect devices. However, researchers from the Zhejiang University in China and the Darmstadt University of Technology in Germany have now uncovered a new hardware-based way that cybercriminals may use to get their hands on your smartphone.
These are known as Ghost Touch, and they may be used to unlock a mobile device, allowing the user to get access to sensitive information like passwords or banking apps, and even install malware. According to their explanation, the attack makes advantage of “electromagnetic interference (EMI) to inject fake touch points into a touch screen without physically touching it.”
Make note of the fact that this latest attack is aimed. To put it another way, in order to adjust the gadget, it is essential to have knowledge on the make and model of the cell phone belonging to the victim. The attacker may additionally need extra knowledge about it, such as the access code, which has to be obtained via social engineering. This might be a need for the attack. The attack is effective from a distance of up to 40 mm and makes use of the sensitivity of the touch screen to electromagnetic interference (EMI). Attackers have the ability to inject electromagnetic impulses into the implanted electrodes of the screen, which will cause the screen to record these signals as touch events (a touch, exchange, press, or hold).
On a total of nine different smartphone models, including the iPhone SE (2020), the Samsung Galaxy S20 FE 5G, the Redmi 8, and the Nokia 7.2, its efficacy has been shown. If a user’s screen has been hacked, it will begin operating on its own without the user’s intervention. For instance, it will begin answering calls on the user’s behalf or it will become unblocked.
When a mobile device begins visiting arbitrary web sites, entering into the user’s bank account, opening files, playing a movie, or typing on Google without the user’s interaction, this is another clear indication that the device has been compromised.
“You can protect yourself against touchscreen attacks in a number of different ways, including adding more security to your phone and being more vigilant in public places,” the article states. They recommend that you keep your phone in your possession at all times, since this will significantly lower the likelihood that it will be hacked.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.