Invisible Finger

First practical Intentional ElectroMagnetic Interference (IEMI) attack on touchscreen-based electronic devices.

01. What is this?

Touchscreen devices such as smart phones and smart tablets are nearly used by everyone, everyday. The one who controls your screen controls what you see and what you do. Using our knowledge on touchscreen and EM (ElectroMagnetic) interference, we propose a series of novel and practical attack vectors to mimic the presence of human fingers and remotely inject touch events onto capacitance based touchscreen devices, including short-tap, long-press, omni-directional swipe. Our attack method not only provides a way to inject false touches on touchscreen from distance, but also allows attackers to detect the location of out-of-sight target screens, and evaluate the ongoing fault injection attack in real time. Combining our techniques together, we present you the "Invisible Finger", the first practical IEMI attack which allows you to manipulate touchscreen without physically touching it!

02. What are the attack scenarios?

Just image you place your cellphone down before a meeting to focus on the discussion with your partners. When the meeting ends, you pick up your phone and then realize your phone somehow was unlocked. There is a new application installed on your phone and the screen shows "you" just sent a text message to your bank to authorize a transaction which you don't recognize at all. Well, that is what our attack can do.

attack_scenario

Using our "Invisible Finger", the attacker can attach a small IEMI signal generator under a regular conference table and inject false touches into the cell phones that are placed on the table. The attacker can use the created tap, press, swipe gestures to send message, install malicious application, allow multi-factor authenticator request. Well, pretty much what you can do with your finger.

03. Too much words. Can I see it?

Of course! Check out our recorded video demonstrations below.

04. Questions and Answers.

Q: Does this attack work on Android/iPhone/iPad?A: We have tested our attack on various type of touchscreen devices, iPad Pro, OnePlus, iPhone, even Surface Pro and Chromebook. All these different devices are vulnerable to our attack. However, it is worth noting that some manufactures are more difficult to induce false touches than others, mainly due to the different touch detection algorithm and touch sensing circuits implementations. Our current research is trying to make our attack working perfectly on all these touchscreens so stay tuned! :)


Q: Under what conditions I should be worried about this attack?A: If you tend to put your cellphone face down to preserve your privacy so other people are not able to see your screen then you are most like can be affected by our attack when you are in an unfamiliar room.


Q: If I tend to place my cellphone face up, am I affected by this attack?A: Not really. Currently our attack only works when the cell phone is face down. Such that our attack device (attached under the table) can emit radiated IEMI signal directly onto the touchscreen. If the cell phone is face up, then we are not able to create precise touch events.


Q: Can the touchscreen manufactures provide some mitigations?A: Unlikely. Currently we are generating a focused E field which mimics the presence of human fingers so it can be difficult to distinguish our attack from legit human touches. The touchscreen manufactures can try to improve their noise detection algorithm in the firmware of touchscreen controller, or provide some pressure sensors to see if there is a finger pressing the screen.


Q: How can I protect myself from your attack?A: The answer is actually quite simple. You can search for EMF blocking phone cases. Our experiment result shows a thin Faraday Fabric layer is enough to block most of our IEMI signal. You can use it to cover the screen when you are not using it. Such low cost accessory actually already exists on the market.


Q: Is there any more details about your attack?A: Our research work has been accepted to appear on IEEE S&P 2022. We will present our work at the IEEE S&P 2022 conference. We are finalizing our paper and we will release our paper under this page as soon as possible.


Q: Who found and implemented this attack?A:
* Haoqi Shan, Boyi Zhang, Zihao Zhan (University of Florida)
* Dean Sullivan (University of New Hampshire)
* Shuo Wang (University of Florida)
* Yier Jin (University of Florida)

Videos

© 2022 University of Florida. All rights reserved.