Menacing ‘Invisible Finger’ Recreates Human Touch To Enter Devices Unauthorized
By Nicole Rodrigues, 12 Aug 2022
Scientists have developed an ‘Invisible Finger’ that can access your digital devices remotely.
Now, this new creation doesn’t just break in through cyber backdoors; it actually simulates the touch of a human finger and moves around like an invisible hand controlling your phone.
The new discovery was debuted at the IEE Symposium on Security and Privacy and is currently being presented at the Las Vegas Black Hat cybersecurity conference.
The team behind the operation calls itself Security for Silicon Lab. Haoqi Shan of the University of Florida, who leads the group, notes that the device—formally known as an Intentional Electromagnetic Interference (IEMI) attack—can make “injection attacks” against capacitive touchscreens at a range of three to four centimeters, or about an inch.
The cyberattack works as such: A system takes capacitance events, which happen when a person touches their phone, and turns them into voltages that can be measured. An electromagnetic field then manipulates those voltages to control the screen as if a human was doing so.
An antenna array vector brandished at the conference successfully snuck under tables and chairs and located tablets and phones while being controlled remotely over Wi-Fi.
A secondary antenna was able to send touch signals to these devices, essentially unlocking them. Emissions emitted from the touchscreen allowed the device to acknowledge that each touch was successful.
The team went through several rounds of experimentation before finding that a thin copper needle was the best apparatus to use for the remote touch.
According to PC Mag, Shan has said that these devices work on the iPad, OnePlus, Google Pixel, Nexus, and Surface. It can even replicate Omni-directional touch, which could open gesture-based security locks.
During the experiment, the team was able to send money from a PayPal account and install a malicious app on an Android phone.
The demonstration was done to give big tech companies an idea of how their devices can be hacked into. The Security for Silicone Valley team advised touchscreen makers to install pressure sensors in the gadgets as the invisible cannot replicate the tiny amount of pressure exerted by human fingers.
They also advised people to use a Faraday bag or cloth to protect their phones and tablets. Or simply, to just keep all devices facing upright when on any surface.
[via PC Mag and Vice, cover image via David Selbert / Pexels (CC0)]