Researcher Creates Malware that Can Steal PINs from Android Phones

Yahoo Tech
Updated
image

By Zach Epstein, BGR

Smartphone malware is on the rise, and with 99 percent of known malware targeting Google’s Android platform — which is also the most popular mobile platform in the world by a tremendous margin — users must start making an effort to protect themselves against various threats. The latest example of the terrifying possibilities out there comes from Trustwave security researcher Neal Hindocha, who built a proof of concept that could be one of the most troubling examples of smartphone malware we’ve seen to date.

As noted by Forbes contributor Tamlin Magee, Hindocha created code that is capable of tracking a user’s taps and swipes as she operates a smartphone. With similar malware, a malicious hacker might be able to steal PINs, account numbers, passwords and other sensitive information users type into their handsets.

“If you’re monitoring all touch events and the phone hasn’t been touched for at least one hour, then you get a minimum of four touch events, you can assume that is a PIN code being entered,” Hindocha told Forbes. “The more interesting thing is, if you get a screenshot and then overlay the touch events, you’re looking at a screenshot of what the user is seeing, combined with dots, sequentially, where the user is touching the screen.”

The only possible good news is that the researcher has so far gotten his “screenlogging” malware to work on only jailbroken iPhones and rooted Android handsets, and it requires a device to be plugged into a computer via USB in order to be installed. That said, this is just one example of screenlogging malware created by one person as a proof of concept; malicious hackers may be developing — or may have already developed — similar software capable of being installed remotely.

Hindocha plans to demonstrate his screenlogging malware at the upcoming RSA Security conference next month.

More from BGR: The iPhone 5c flop hurt Apple more than you might realize

This article was originally published on BGR.com

Related stories

NFC comes to the iPhone with brand new line of cases

There’s actually one area where Windows Phone looks poised to overtake Android

This could be our first look at one of Samsung’s Android-less phones

Yahoo Tech is a brand new tech site from David Pogue and an all-star team of writers. Follow us on Facebook for all the latest.