For those that own an Android device you should be made aware that there is yet another new malicious trojan app called TapLogger that takes advantage of a flaw in the Android operating syste, which lets background apps monitor a device’s sensors such as the accelerometer, a sensor that detects orientaion and movement.
However, according to the guys over at Gadget Box, by way of Arstechnica, the TapLogger app was created by Pennsylvania State University security researchers, and the malicious app, which is not in the wild, ‘trains’ by getting the user to tap in numbers on a keypad within the app and then logs the vibration patterns, and when the user taps in card details or passwords the app continues to listen to the vibration and matches them to different numbers.
Graduate student of PSU, Zhi Xu described the TapLogger app as proof of concept at a conference, and apparently Google does not have a specific response to the app but do say they are always ‘actively policing’ the Google Play app store for apps that abuse permissions such as this one.
The paper which was co-authored by Xu, Kun Bai and Sencun Zhu says that to prevent such attacks, they see an urgent need for sensing management systems on existing smartphone platforms. Sensors like orientation sensors and the accelerometer should be considered just as sensitive to user privacy and need gaining security permissions to access.