Click to Skip Ad
Closing in...

Terrifying new smartphone malware tracks your swipes to steal your PIN

Published Jan 28th, 2014 10:56AM EST
Android Malware

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Smartphone malware is on the rise and with 99% of known malware targeting Google’s Android platform — which is also the most popular mobile platform in the world by a tremendous margin — users must start making an effort to protect themselves against various threats. The latest example of the terrifying possibilities out there comes from Trustwave security researcher Neal Hindocha, who built a proof-of-concept that could be one of the most troubling examples of smartphone malware we’ve seen to date.

As noted by Forbes contributor Tamlin Magee, Hindocha created code that is capable of tracking a user’s taps and swipes as they operate a smartphone. With similar malware, a malicious hacker might be able to steal PINs, account numbers, passwords and other sensitive information users type into their handsets.

“If you’re monitoring all touch events and the phone hasn’t been touched for at least one hour, then you get a minimum of four touch events, you can assume that is a PIN code being entered,” Hindocha told Forbes. “The more interesting thing is, if you get a screenshot and then overlay the touch events, you’re looking at a screenshot of what the user is seeing, combined with dots, sequentially, where the user is touching the screen.”

The only possible good news is that the researcher has so far only gotten his “screenlogging” malware to work on jailbroken iPhones and rooted Android handsets, and it requires a device to be plugged into a computer via USB in order to be installed. That said, this is just one example of screenlogging malware created by one person as a proof of concept; malicious hackers may be developing — or may have already developed — similar software capable of being installed remotely.

Hindocha plans to demonstrate his screenlogging malware at the upcoming RSA Security conference next month.

Zach Epstein
Zach Epstein Executive Editor

Zach Epstein has been the Executive Editor at BGR for more than 10 years. He manages BGR’s editorial team and ensures that best practices are adhered to. He also oversees the Ecommerce team and directs the daily flow of all content. Zach first joined BGR in 2007 as a Staff Writer covering business, technology, and entertainment.

His work has been quoted by countless top news organizations, and he was recently named one of the world's top 10 “power mobile influencers” by Forbes. Prior to BGR, Zach worked as an executive in marketing and business development with two private telcos.