New Disturbing Hacking Technique That Can Access Your Phone Without a Password
Here's how to keep your phone safe.
The next time you put your phone down on a table in public, you might want to look underneath it first. Cybercriminals are using a new technique called GhostTouch to unlock smartphones from a distance, often by putting equipment under a table.
This allows hackers to take remote control of a smartphone to manipulate it in potentially dangerous ways, such as accessing passwords, absorbing data, or installing malware. Read on to find out what you should look out for to keep your phone safe.
To use GhostTouch, hackers only have to be physically close to their intended victim. Equipment can be installed in public places to send electromagnetic signals to phones—frequently without the user noticing, experts say.
"GhostTouch is the newest screen hacking attack that allows criminals to hack a user's phone remotely," reported TechRadar. "In simple terms, attackers use electromagnetic signals to simulate primary touch events like taps and swipes on targeted locations of the touchscreen."
"Unfortunately, the most common places for touchscreen hacking are public places like libraries, cafes, or conference lobbies, where people place their smartphones face-down on the table," said Adrianus Warmenhoven, a cybersecurity expert at NordVPN. "The attackers prepare the equipment under the table in advance and launch the attack remotely."
Once a connection is made, hackers can breach the smartphone from their location. NordVPN said nine smartphone models are susceptible to the hack, including iPhone SE (2020), Samsung Galaxy S20 FE 5G, Redmi 8, and Nokia 7.2.
So how do you know when your phone is being accessed? "The hack is not exactly subtle, though, as users would see the phone operating on its own," TechRadar reports. Several guides have been published online about how to deal with the issue.
Experts say the best way to protect your private data from GhostTouch is to ensure your smartphone has a security mechanism, such as a PIN code, swipe pattern, or biometrics.
Last year, researchers from the University of Florida reported new technology allowing someone to hack into a nearby touchscreen-enabled device using an "invisible finger." They intended to identify weaknesses that would help phone manufacturers make their devices more secure.
The "invisible finger" technique uses a set of multiple connected antennas, known as an antenna array, to remotely tap and swipe a touchscreen through electromagnetic signals. Once hackers gain access, they can perform a variety of nefarious acts, downloading malware or even sending themselves money through the victim's account on a payment platform.
"An attack like this is possible because most modern touchscreens work by using electrodes placed underneath the screen to detect the small electrical charge released by a finger when it comes into contact with the screen," said Shuo Wang, the UF electrical and computer engineering professor who led the research. "The pressure from the finger is not a factor."
Wang explained that the invisible finger's false touch works only when the victim's phone is unlocked, or the attacker knows the password and the phone is placed face down on a surface. The antenna array must be no more than four centimeters away.