This 'Invisible Finger' Can Take Over Your Touch Screen

pcmag.com:

Imagine this scenario. You walk into the conference room, place your phone on the table, and take your seat. Mysteriously, the phone wakes up and an invisible finger unlocks it and installs malware. Call Ghostbusters? Better yet, call the research team whose “invisible finger” presentation wowed attendees of the Black Hat conference in Las Vegas.

This team, dubbed “Security in Silicon Lab," pulls together professors, PhD candidates, and other academics from the University of Florida and the University of New Hampshire, all of whom have a lot of expertise in electronics hardware and in the math and physics that make modern technology possible.

Haoqi Shan, a UF PhD candidate, fronted the Black Hat presentation of the group’s findings and started with the short version. “This is a remote precise touch injection attack against capacitive touch screens using an IEMI (intentional electromagnetic interference) signal," he said. "Our attack has an effective range of three to four centimeters. We can induce a short tap, a long-press, or a swipe in any direction.”

Shan characterized the move as "a relatively new type of attack, even for professional researchers, [though] once you gain the knowledge here you should be able to reproduce what we are doing now. Maybe you’ll come up with a more powerful or much cooler attack.”

That’s a big maybe, as continuing the research would demonstrably require high-powered equipment along with deep knowledge and expertise.

Shan launched into a detailed description of just how a capacitive touch screen works to control your tables and phones. Skipping the physics involved, it goes like this. An electronic system turns capacitance events that occur when you touch the screen into a voltage that can