[HN Gopher] GhostTouch: Targeted attacks on touchscreens without...
___________________________________________________________________
GhostTouch: Targeted attacks on touchscreens without physical touch
Author : zdw
Score : 43 points
Date : 2022-06-02 22:41 UTC (2 days ago)
(HTM) web link (www.usenix.org)
(TXT) w3m dump (www.usenix.org)
| xwdv wrote:
| I can sometimes touch buttons on my iPhone screen without
| actually touching them, at a distance of a few millimeters.
| kurthr wrote:
| Unless you're using a screen protector... something is quite
| wrong. For large objects a barely acceptable false contact is
| 0.5mm. There are conditions (moisture on the screen, cracked
| electrodes, "floating" on a desk) where this may occasionally
| happen, but if there is a specific location/area it's likely
| caused by a fault.
|
| Screen protectors (and their adhesives) can do pretty weird
| stuff to the fields. Some designs may try to "calibrate" them
| out. That can also cause problems. Similarly, if you use a
| moisturizing hand lotion, that can leave a conductive film on
| the surface, which is sensitive to relative humidity.
| excalibur wrote:
| > Unless you're using a screen protector...
|
| Isn't everyone? I feel like the percentage of smartphone
| users who don't usually have some sort of protection over
| their screen is vanishingly small.
| giraffe_lady wrote:
| No I don't see the point and have never used them. In the
| first half of the smartphone era phones would accumulate
| microscratches but it took a couple years before they
| became distracting to me and that was around when I
| replaced phones anyway.
|
| Since, idk, 2016-ish? the screens are resilient enough that
| they don't scratch in a way that's noticeable while using
| it, only if you're specifically looking for scratches. Sand
| is the big exception, I basically keep it in a ziplock at
| the beach. Otherwise I don't worry about it much.
|
| I don't really think they meaningfully improve your chances
| when you straight drop the phone. I try not to drop them.
| kingcharles wrote:
| I tear that shit right off. I hate anything between me and
| the screen. The manufacturer didn't deem it necessary,
| although they might have profit motives for that.
| upbeat_general wrote:
| If by vanishingly small you mean the majority of people who
| own a phone then sure.
|
| I'd guess the tech literate crowd is much more likely to
| have a screen protector than a regular person.
| somehnacct3757 wrote:
| It's presented adversarially, but perhaps there are practical
| applications for this technique, even at the short distances.
| hunterb123 wrote:
| this is essentially already used for certain tablets with
| styluses for hovering over items when the stylus is near the
| screen but not touching it.
|
| not sure if it's the same process, but same effect.
| excalibur wrote:
| I wonder how effective this method would be at controlling
| devices with cracked screens that don't respond well to actual
| touch
| megous wrote:
| BTW, touchscreen can be another channel for communication (via
| Goodix HotKnot).
|
| https://www.youtube.com/watch?v=2ttPycepnho
| unixpickle wrote:
| > We can inject targeted taps continuously with a standard
| deviation of as low as 14.6 x 19.2 pixels from the target area, a
| delay of less than 0.5s and a distance of up to 40mm
|
| Seems like 40mm isn't a very far distance. I understand that this
| is a PoC, but it seems like making this work from a distance is
| more "important" than having a low delay or super accurate
| precision.
| kurthr wrote:
| This is because capacitive touchscreens are inherently a near-
| field phenomenon. They are designed to detect extremely small
| capacitances (<fF) at relatively low frequencies (<500kHz)
| relatively low voltage (<5V) at high report rates (>120Hz) in
| the presence of very significant display noise (5-10V >1nF
| coupling). They require >120dB of OutOfBand rejection to
| operate. Cost per transceiver is ~$0.01.
|
| They fundamentally measure the channel between arrays of
| neighboring electrodes. That makes them self shielding (like a
| Faraday shield) since they typically are designed to be
| relatively immune to uniform changes in coupling. From any
| distance comparable to the size of the touch screen the
| differential coupling to electrodes falls off exponentially.
| Near the screen they fall off 1/d then 1/d^n dominates farther
| out.
|
| In order to avoid interfering with other parts of the device,
| they tend to be highly encoded narrowband signals and change
| (to known good) frequencies when they detect interference. That
| makes most narrow band techniques less effective. High voltage
| impulsive noise is most likely to have an effect, but
| triggering ESD detection/rejection might create a sweet spot in
| amplitude.
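
The "relatively immune to uniform changes in coupling" point from the comment above, as an added example that is not part of the thread or of the paper: a simplified Python model of one touch frame, showing that a disturbance coupling equally into every electrode is removed by common-mode subtraction while a localized change still registers. The grid size, count values, threshold and function names are constructed assumptions, not taken from any real controller.

```python
from statistics import median

ROWS, COLS = 6, 8  # constructed electrode grid (assumption)

def make_frame(uniform=0.0, bumps=()):
    """Constructed frame of signal deltas (raw reading minus baseline)."""
    frame = [[float(uniform)] * COLS for _ in range(ROWS)]
    for r, c, amp in bumps:
        # A finger-sized disturbance: full amplitude at the centre node,
        # 40% on the eight surrounding nodes.
        for dr in (-1, 0, 1):
            for dc in (-1, 0, 1):
                rr, cc = r + dr, c + dc
                if 0 <= rr < ROWS and 0 <= cc < COLS:
                    frame[rr][cc] += amp if (dr, dc) == (0, 0) else 0.4 * amp
    return frame

def naive_active_cells(frame, threshold=50.0):
    """Count nodes over threshold with no common-mode removal."""
    return sum(v >= threshold for row in frame for v in row)

def detect_touches(frame, threshold=50.0):
    """Subtract the frame-wide common mode, then keep local maxima."""
    common_mode = median(v for row in frame for v in row)
    diff = [[v - common_mode for v in row] for row in frame]
    touches = []
    for r in range(ROWS):
        for c in range(COLS):
            v = diff[r][c]
            if v < threshold:
                continue
            neighbours = [
                diff[rr][cc]
                for rr in range(max(0, r - 1), min(ROWS, r + 2))
                for cc in range(max(0, c - 1), min(COLS, c + 2))
                if (rr, cc) != (r, c)
            ]
            if all(v > n for n in neighbours):
                touches.append((r, c))
    return touches

if __name__ == "__main__":
    uniform_only = make_frame(uniform=200)            # far-field style offset
    local_only = make_frame(bumps=[(2, 3, 120)])      # near-field, localized
    both = make_frame(uniform=200, bumps=[(2, 3, 120)])
    print("naive cells over threshold (uniform):", naive_active_cells(uniform_only))
    print("touches (uniform):", detect_touches(uniform_only))
    print("touches (local):", detect_touches(local_only))
    print("touches (uniform + local):", detect_touches(both))
```
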
| dwheeler wrote:
| At 40 mm, it seems basically useless as an attack in almost all
| circumstances.
|
| However, I wouldn't write it off completely, because if
| somebody else can extend its distance further then I can see it
| becoming a concerning attack.
| kurthr wrote:
| I'd agree, requiring in-room access makes it not that big a
| deal. There are other attacks (like measuring the radiated
| emissions) to detect finger coupling remotely that I'd be
| more concerned about. Those could detect private user input
| and could be hidden nearby.
| nine_k wrote:
| If it's enough distance to penetrate your pocket (which I'd say
| more like 3 mm), it may have interesting implications.
| megous wrote:
| Touchscreen should be off in your pocket.
| bsnal wrote:
| All phones I've used in the last years turn on when you tap
| the touchscreen once or twice while it's off.
| bikingbismuth wrote:
| (Hopefully) most phones are locked when they are woken up.
| madacol wrote:
| Call the target, screen turns on, ghosttouch to answer
| before it even rings
___________________________________________________________________
(page generated 2022-06-04 23:01 UTC)