GhostTouch – A Remote Attack Against Touchscreens Using Electromagnetic Signals

Touchscreens have become a trending alternative to mouses and keyboards that allow users to interact with computers using their fingers.

Especially, capacitive touchscreens give multi-touch capabilities, long service life, and cost-effectiveness, and therefore, have been widely used on personal devices such as smartphones, tablets, and watches. The major requirement for touch screens is reliable and accurate touch sensibility. 

GhostTouch, the First Contactless EMI-attack (Electromagnetic Interference)

A team of researchers from Zhejiang University and the Technical University of Darmstadt devised a technique, called ‘GhostTouch’, to remotely control capacitive touchscreens using electromagnetic signals.

Experts say, its main target is to interfere with the capacitance measurement of touchscreens using electromagnetic signals, which are injected into the receiving electrodes integrated into the touchscreen. As a result, an electromotive force is induced in the measuring circuit that affects the touchpoint detection.

In this scenario, the attacker uses an EMI device under a table to remotely attack the touchscreen of a smartphone face-down on the table. By injecting fake touches, the attacker can trick the smartphone to click a malicious link containing malware, connect a malicious network, and answering an eavesdropping phone call.

The experts explained the attack scenario using the illustration design where the GhostTouch system consists of two components, a touch injector, and a phone locator. The touch injector is used to inject touch events into the touchscreen and includes a signal generator, an amplifier, an on/off switch, and a receiving antenna array. The phone locator is used to identify the position of the touchscreen and consists of a sensing antenna array, a data acquisition device, and a location calculator.

The researchers say “Our results showed that certain smartphones are less vulnerable to the GhostTouch attack, which could be due to better electromagnetic shielding or effective validation”.

Mitigation

Manufacturers may reinforce the touchscreen by adding an electromagnetic shield and increasing the voltage of the excitation signal. Experts also recommend improving the detection algorithm of the touchscreen. Application permissions may be restricted and identity verification needs to be conducted when executing high-risk actions.