Electromagnetic radiation allows you to simulate finger tapping and other commands for the touchscreen without approaching it.
Developers from the University of Florida demonstrated a prototype of the system, which they themselves compared to an “invisible finger”. In fact, it is able to remotely send commands to a smartphone, tablet or other device with a touch screen, using invisible electromagnetic waves. The novelty is being demonstrated at the Black Hat cybersecurity forum taking place in Las Vegas. Details about it are given in the proceedings of the IEEE Symposium on Security and Privacy.
The fact is that the vast majority of touchscreens in modern gadgets are surface-capacitive.
They use a transparent conductive coating on which a weak current is applied. Touching with a finger causes its leakage, the magnitude of which depends on the distance to the electrodes located at the corners of the screen, allowing you to localize the place of touch. This helped Professor Yier Jin and his colleagues to implement a variant of an attack with induced electromagnetic interference (Intentional Electromagnetic Interference, IEMI).
To do this, an array of antennas was used, the radio emission of which creates current leaks in the touchscreen, similar to touching with a finger. According to the developers, this is a fairly simple task, and the most difficult moment was the exact localization of the simulated click. To do this, they had to determine the characteristics of touch screens for specific device models and rely on them. In addition to the antennas, the system includes a “screen locator” that determines its position in space, and a feedback device that registers the result of a remote click; all this is demonstrated in action at the Black Hat conference.
The authors of the project emphasize that so far this is only a demonstration of the possibility of IEMI attacks on touch panels. In reality, the system is still too complex, cumbersome, slow and requires special working conditions. In particular, the device must be unlocked and the screen turned to the emitters so that the battery and electronics do not block the signal. And finally, it must be at a distance of no more than a few centimeters, otherwise the attack will fail.