The Sound of a Credit Card

A recent article at http://www.thinq.co.uk/2011/1/20/android-trojan-captures-credit-card-details/#ixzz1Bb8RGsWS describes how an attack against Android based phones might be able to capture your credit card information even when you speak it into the phone. The interesting thing about this proof of concept is not that the application can capture voice details, but rather that it uses a second application to transmit the captured information.

Google designed Android so that certain communications were limited between applications, but the researchers found a way around that. Instead of directly sending the information from one program to another, they use a clever form of Morse code. Morse code was probably the first widely accepted binary form of communications. Dots and dashes are no different than ones and zeros. One application changes something like the screen brightness and another reads the screen brightness. Let’s say that full illumination is a dot, and anything less is a dash. By making minor modifications in how bright the screen is a lot of data can be transferred between programs without the user probably noticing it.

It will be interesting to see if this attack can be used against other smart phones as well.

Yes, use your Android or other smart phone for purposes that actually enhance your quality of living, but be careful about what applications you install. Ask yourself if you really need another application. The best choice is usually not to install a lot of software that you know very little about.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center – ESET LLC

Author ESET Research, ESET

  • Craig

    Randy,
    You have a typo you might want to fix. Your second sentence says "able to capture you credit card information". The "you" should be "your".     :-)
    Craig.

    • David Harley

      Thanks, Craig. Fixed!

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

7 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.