New attack creates ghost taps on modern Android smartphones

tap-n-ghost
Image: Maruyama et al.

Modern Android smartphones are susceptible to a new type of attack named “Tap ‘n Ghost” that can induce fake finger taps to take unwanted actions.

The attack exploits flaws at both the software and hardware level and has been proven to work even against the most recent smartphone models.

It works against most NFC-enabled smartphones with capacitive touchscreens — which is the most common smartphone touchscreen technology today.

Generating fake screen taps

The Tap ‘n Ghost attack — discovered and documented by three academics from the Waseda University in Tokyo — works using an attack rig that consists of a 5mm thick copper sheet connected to a DDS signal generator, a high-voltage transformer, a battery pack, NFC readers/writers, and a small computer (laptop, Raspberry Pi).

Coinbase 2

This rig might look bulky, but the research team says it can be embedded inside regular tables, coffee tables, or any other furniture object on which a victim might place their smartphone.

tap-n-ghost attack rig

tap-n-ghost attack rig

Image: Maruyama et al.

The attack itself consists of two steps. Once a user has placed their smartphone near the attack rig to be in the smartphone’s NFC range (of 4 to 10cm), the NFC readers/writers can get basic info about a device and trigger one of three actions.

It can make the user’s smartphone open and access a specific URL (doesn’t require any interaction), it can ask the smartphone to pair a rogue Bluetooth device (requires interaction), or it can ask the user to connect to a malicious WiFi network (requires interaction).

This works because, by default, Android devices always look for nearby NFC transmissions, at all times.

At this point, the attack moves in the second phase where the attacker can use the copper plate to induce electrical disturbances into the touchscreen.

Because capacitive touchscreens are a collection of electrodes that exchange small currents between each other during a touch interaction, the extra induced noise can cause ghost taps on the screen, either on a vertical or horizontal axis.

tap-n-ghost flaws

tap-n-ghost flaws

Image: Maruyama et al.

These fake taps can be used to hijack a user’s original tap on a “No” button and apply it on the “Yes” one, allowing the smartphone to connect to a rogue WiFi network, or approve a malicious Bluetooth connection.

The Waseda research team says it tested the Ghost ‘n Tap attack on seven smartphone models and were successful on five.

tap-n-ghost tests

tap-n-ghost tests

Image: Maruyama et al.

The attack doesn’t work only on smartphones, but also on any NFC-enabled device with a capacitive touchscreen, such as ATMs, voting machines, display screens, and others.

The research team says it worked with the Japan Computer Emergency Response Team (CERT) to notify the several smartphone manufacturers about this new attack vector.

“We demonstrated the attack to them and confirmed that the attack is applicable to their latest model,” researchers said.

Not a universal threat

Fortunately, the Tap ‘n Ghost attack isn’t something that can be used against any user. First and foremost, the range of the attack is limited and requires that the user place their device(s) near a disguised attack rig.

Second, because each smartphone model uses different capacitive touchscreen technologies, special signals at different frequencies are needed per phone model. This means that the attacker needs to know a victim’s smartphone model beforehand and configure the attack rig accordingly.

Furthermore, the Waseda team says the attack can be easily mitigated at both the software and hardware level. For example, the Android OS could be modified to introduce a popup that asks the user for permission before a device initiates any NFC operation. Second, signal noise protection can be added to capacitive touchscreen technologies.

More on this research can be found in a whitepaper named “Tap ‘n Ghost: A Compilation of Novel Attack Techniques against Smartphone Touchscreens.”

[youtube https://www.youtube.com/watch?v=kmYCXH4ax-g&w=500&h=282]

[youtube https://www.youtube.com/watch?v=phuiwh7djQM&w=500&h=282]

Related cybersecurity coverage:

New attack creates ghost taps on modern Android smartphones 1
About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews



bitcoin
Bitcoin (BTC) $ 42,848.00
ethereum
Ethereum (ETH) $ 3,013.46
tether
Tether (USDT) $ 1.00
cardano
Cardano (ADA) $ 2.11
binance-coin
Binance Coin (BNB) $ 365.18
xrp
XRP (XRP) $ 0.94866
solana
Solana (SOL) $ 137.47
polkadot
Polkadot (DOT) $ 28.95
usd-coin
USD Coin (USDC) $ 1.00
dogecoin
Dogecoin (DOGE) $ 0.209912
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 42,848.00
ethereumEthereum (ETH)
$ 3,013.46
tetherTether (USDT)
$ 1.00
bitcoin-cashBitcoin Cash (BCH)
$ 538.51
litecoinLitecoin (LTC)
$ 159.65
bitcoinBitcoin (BTC)
36.541,33
ethereumEthereum (ETH)
2.569,92
tetherTether (USDT)
0,852813
bitcoin-cashBitcoin Cash (BCH)
459,25
litecoinLitecoin (LTC)
136,15
bitcoinBitcoin (BTC)
31,183.75
ethereumEthereum (ETH)
2,193.12
tetherTether (USDT)
0.727776
bitcoin-cashBitcoin Cash (BCH)
391.91
litecoinLitecoin (LTC)
116.19

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021
Cryptocurrency Exchanges
Cryptocurrency Exchanges and the Plague of Scams and Bans
June 29, 2021
What Role Do Cryptocurrencies Play In The Era Of Ransomware Attacks?
June 9, 2021

Blockchain/Cryptocurrency Questions and Answers

Beginner’s Guide to Investing in Cryptocurrency
August 9, 2021
Short-Sell Cryptocurrency
How to Short-Sell Cryptocurrency: A Brief Overview
July 17, 2021
Klaytn
What Is Klaytn (KLAY) And How Does It Work?
July 16, 2021
Cryptocurrencies
Our Crypto Roundup Interview Asks- Do Cryptocurrencies Have a Future?
July 15, 2021
Solana
What Is Solana (SOL) And How Does It Work?
June 26, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin42,381 0.65 % 7.58 % 6.11 %
Ethereum2,979.5 0.43 % 7.34 % 9.74 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Cardano2.080 1.90 % 4.70 % 14.11 %
Binance Coin361.61 0.60 % 8.12 % 9.80 %
XRP0.9340 0.33 % 5.97 % 12.59 %
Solana135.24 1.10 % 7.22 % 20.11 %
USD Coin0.9997 0.30 % 0.33 % 0.34 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
Dogecoin0.2072 0.89 % 7.61 % 12.61 %

bitcoin
Bitcoin (BTC) $ 42,848.00
ethereum
Ethereum (ETH) $ 3,013.46
tether
Tether (USDT) $ 1.00
cardano
Cardano (ADA) $ 2.11
binance-coin
Binance Coin (BNB) $ 365.18
xrp
XRP (XRP) $ 0.94866
solana
Solana (SOL) $ 137.47
polkadot
Polkadot (DOT) $ 28.95
usd-coin
USD Coin (USDC) $ 1.00
dogecoin
Dogecoin (DOGE) $ 0.209912