Smartphone malware is on the rise and with 99% of known malware targeting Google’s Android platform — which is also the most popular mobile platform in the world by a tremendous margin — users must start making an effort to protect themselves against various threats. The latest example of the terrifying possibilities out there comes from Trustwave security researcher Neal Hindocha, who built a proof-of-concept that could be one of the most troubling examples of smartphone malware we’ve seen to date.
As noted by Forbes contributor Tamlin Magee, Hindocha created code that is capable of tracking a user’s taps and swipes as they operate a smartphone. With similar malware, a malicious hacker might be able to steal PINs, account numbers, passwords and other sensitive information users type into their handsets.
“If you’re monitoring all touch events and the phone hasn’t been touched for at least one hour, then you get a minimum of four touch events, you can assume that is a PIN code being entered,” Hindocha told Forbes. “The more interesting thing is, if you get a screenshot and then overlay the touch events, you’re looking at a screenshot of what the user is seeing, combined with dots, sequentially, where the user is touching the screen.”
The only possible good news is that the researcher has so far only gotten his “screenlogging” malware to work on jailbroken iPhones and rooted Android handsets, and it requires a device to be plugged into a computer via USB in order to be installed. That said, this is just one example of screenlogging malware created by one person as a proof of concept; malicious hackers may be developing — or may have already developed — similar software capable of being installed remotely.
Hindocha plans to demonstrate his screenlogging malware at the upcoming RSA Security conference next month.
