New research revealed that hackers could use GhostTouch to execute several cybercriminal actions, such as downloading malware and initiating calls. Any entity could utilise electromagnetic interference to activate arbitrary behaviour on mobile touchscreens.
Modern tablets and smartphones take advantage of capacitive touchscreens that give multi-touch capabilities and can measure minimal electric fields. However, the charger noise and the environmental impact of electromagnetic interference make these capacitive touchscreens sensitive.
Electromagnetic interference could disrupt the user’s activities on their touchscreen devices and possibly cause random and hostile behaviour. In one scenario, a phone on a charger booked a luxurious hotel room because of an EMI signal.
In activating GhostTouch, the researchers wanted to observe if they could exploit EMI to develop controllable touch events and start arbitrary behaviour on capacitive touchscreen devices.
The main objective behind the development of GhostTouch is to interfere with the measurement of touchscreens using electromagnetic signals attached to the receiving electrodes added to every device.
The researchers orchestrated a technology stack formed by a waveform generator that designs the EMI signal and an antenna that transfers it to the device’s touchscreen. Additionally, a phone locator module determines the exact location of the device’s screen and calibrates the signals to multiple locations.
The hackers must also know that GhostTouch is a targeted attack and should first know their victim’s phone models to tune it and execute a campaign. Moreover, the adversaries should also need extra information regarding the targeted device, such as the password, which they could acquire through social engineering tactics.
The best-case scenario for this attack will be most likely in places like lobbies, libraries, or cafes since people tend to place their smartphones face-down on a table. This opportunity can allow an attacker to embed the attacking equipment under the table and launch the attacks remotely.
The researchers tested several actions with GhostTouch, including answering the phone, pressing a button, swiping up to unlock, and entering a password. In another instance, the attacker may send a malicious link to a targeted phone and use GhostTouch to access and download the link.
