Definition

keyboard vibration attack

Contributor(s): Matthew Haughn

A keyboard vibration attack is a proof-of-concept (POC) exploit that involves placing a mobile device near to a computer keyboard in order to use the mobile device’s accelerometer as a keylogger.

The accelerometer detects vibrations from the keyboard and an associated application translates them into the characters being typed. Although there have been no reports of keyboard vibration attacks in the wild, Georgia Tech researchers found a method to exploit the accelerometer in an iPhone to record keystrokes.

The researchers reported a captured character accuracy of 80 percent and claim that as accelerometers progress, the accuracy increases. They discovered this capacity by observing that the exploit functioned with higher accuracy on the newer generations of iPhones.

Although the research was conducted on Apple phones, the Georgia Tech researchers note that similar exploits could target other mobile devices and operating systems. The research follows similar investigations and discoveries involving the possibility of exploiting cameras, microphones and even status LED micro-pulses to reveal sensitive information such as passwords or financial details.

This was last updated in May 2015

Continue Reading About keyboard vibration attack

Spy agencies’ hacking of mobile encryption keys is no surprise, says security expert

Bad vibrations: How smart phones could steal PC passwords

SearchCompliance

risk assessment

Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

PCI DSS (Payment Card Industry Data Security Standard)

The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

risk management

Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

Federal Information Security Management Act (FISMA)

The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and ...

CISO as a service (vCISO, virtual CISO, fractional CISO)

A CISO as a service (CISOaaS) is the outsourcing of CISO (chief information security officer) and information security leadership...

access control

Access control is a security technique that regulates who or what can view or use resources in a computing environment.

SearchHealthIT

protected health information (PHI) or personal health information

Protected health information (PHI), also referred to as personal health information, generally refers to demographic information,...

HIPAA (Health Insurance Portability and Accountability Act)

HIPAA (Health Insurance Portability and Accountability Act) is United States legislation that provides data privacy and security ...

telemedicine (telehealth)

Telemedicine is the remote delivery of healthcare services, such as health assessments or consultations, over the ...

SearchDisasterRecovery

call tree

A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

Disaster Recovery as a Service (DRaaS)

Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

cloud disaster recovery (cloud DR)

Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

What is a SAN? Ultimate storage area network guide

A storage area network (SAN) is a dedicated high-speed network or subnetwork that interconnects and presents shared pools of ...

FCoE (Fibre Channel over Ethernet)

FCoE (Fibre Channel over Ethernet) is a storage protocol that enable Fibre Channel (FC) communications to run directly over ...

Fibre Channel switch (FC switch)

A Fibre Channel switch is a networking device that is compatible with the Fibre Channel (FC) protocol and designed for use in a ...

Join the conversation

1 comment

Send me notifications when other members comment.

Oldest

[-]

ToddN2000 - 1 Jun 2015 11:41 AM

I saw an article on this a while back. If you left your phone on and on your desk near your PC keyboard, they claim it can pick up the tactile keystrokes on the PC keyboard and record them like any other key logger. I'd have to see it to believe it.

Continue Reading About keyboard vibration attack

Related Terms

Join the conversation

1 comment

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.