The presentation discusses a remote, precise touch event injection attack against capacitive touch screens using an IEMI signal. It is described as the first practical attack of this kind, combining an out-of-sight screen locator with a touch event detector. The presentation also notes that touchscreen attacks are still at the low-hanging-fruit stage and covers the advantages of capacitive touch screens.
- The attack is called Invisible Finger and can induce short-tap, long-press, and omnidirectional swipe gestures on a capacitive touch screen from a distance of around 3-4 centimeters
- The attack works on different types of screen devices regardless of the scanning or driving methods applied on the touchscreen controller
- Capacitive touch screens are the most popular type of touch screen used on smart devices, with roughly 46% of touch screens being capacitive
- The advantages of capacitive touch screens include touch events being done with only a bare finger and blocking out cellular, Wi-Fi, or AMC signals
- A cheaper and better way to block out signals is to use a phone case with a cover and Faraday fabric inside
- Touchscreen attacks are still a relatively new area of research, with only a few published papers available online
- Understanding the background of touch screens and capacitive touch screens can lead to the development of more powerful or cooler attacks
The presenter discussed a simple way to block out signals from a phone using a phone case with Faraday fabric inside. This type of fabric can be glued or taped to the inside of the phone case and can effectively block out signals at a thickness of only 0.2 millimeters.
Touchscreen-based electronic devices such as smartphones and tablets are widely used in our daily life. While the security of electronic devices has been heavily investigated recently, the resilience of touchscreens against various attacks has yet to be thoroughly investigated. In this presentation, for the first time, we show how touchscreen devices are vulnerable to Intentional Electromagnetic Interference (IEMI) attacks in a systematic and practical way. Beyond showing how practical IEMI attacks are established on touchscreens, we will also analyze and quantify in detail the underlying mechanism that enables our novel touchscreen attacks. We will show and explain how to calculate the minimum amount of electric field and signal frequency required to induce false touch events. The induced touch events allow attackers to remotely perform short-tap, long-press, and omni-directional gestures on touchscreen devices from under a regular conference table without physically touching the victim devices. Beyond simply showing how to generate touch events under an ideal scenario, we will introduce our novel and necessary techniques to build up the attack chains in a practical way, such as designing and using a phone locator to infer the position and orientation of a target smartphone that is out of sight, and knowing whether the injected IEMI signal works without seeing the screen. We will show and explain how our state-of-the-art attack can be remotely used on different touchscreen devices and deliver practical attack outcomes, including unlocking a gesture-based PIN lock, installing malware on Android devices, and connecting Siri on iOS devices.