London: Smartphone users, beware! Hackers could use your mobile to find out what you are typing on a nearby computer at your workplace, say researchers.
A team at the Georgia Institute of Technology in the US has claimed that a cell phone could be turned into a SpiPhone as it can decipher vibrations to record what is being typed on a nearby computer keyboard.
The researchers have, in fact, discovered how to do it using a smartphone accelerometer - the internal device that detects when and how the phone is tilted. They have found it can be harnessed to sense keyboard vibrations and decipher complete sentences with up to 80 percent accuracy.
"We first tried our experiments with an iPhone 3GS, and the results were difficult to read. But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better.
"We believe that most smartphones made in the past two years are sophisticated enough to launch this attack," Patrick Traynor, who led the team, said.
The technique works by using mathematical software that detects pairs of keystrokes, rather than individual letters. Hackers can then determine whether the pair of keys pressed is on the left or right side of the keyboard, and whether they are close together or far apart, say the researchers.

After the system has determined these characteristics for each pair of keys pressed, using probability it compares the results against a preloaded dictionary.
But the technique only works reliably on words of three or more letters. They used the word "canoe", which when typed breaks down into four keystroke pairs -- "C-A, A-N, N-O and O-E", says the team.
The detection system's code recorded this as Left-Left- Near, Left-Right-Far, Right-Right-Far and Right-Left-Far, or LLN-LRF-RRF-RLF. By comparing the traditional keyboard to the dictionary it yields "canoe" as statistically probable word.
Working with dictionaries comprising about 58,000 words, the system reached word-recovery rates as high as 80 percent.    

"The way we see this attack working is that you, the phone's owner, would request or be asked to download an innocuous-looking application, which doesn't ask you for the use of any suspicious phone sensors.”
"Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening," said Henry Carter, a team member.