A researcher has created a proof-of-concept piece of malware which can record everything you do on your touchscreen tablet or smartphone.

While some believe that voice is the future for computer interfaces, for the moment and the foreseeable future touch will be the way most people interact with their computing devices, be it smartphones, tablets and - increasingly - touchscreen laptops and PCs.

This trend led one researcher to wonder whether or not cyber-criminals will be able to adapt one of the main tools they have used when creating traditional malware - keyloggers.

Keyloggers are vital components of malware which, when installed on your computer, can log everything you type on the keyboard, meaning cyber-criminals controlling them will be able to record your passwords, usernames and bank account details.

The malware typically also takes screenshots in conjunction with logging keystrokes to tell the criminal what bank or online service the victim is using.

Hacked touchscreen keyboards

While a number of researchers have already shown they are able to hack touchscreen keyboards to record everything typed on them, more and more apps are moving away from using typical keyboards to input data - especially financial apps - making it more difficult for hackers to record what is being inputted.


This led Neal Hindocha, senior security consultant at Trustwave, to see if he could replicate what was possible on Windows-based machines for touchscreen devices like smartphones and tablets:

"What I realised was that the touchscreen on mobiles replaces the keyboard and mouse on a computer - that's your input area. I realised that if you know every single key press that the user is doing on the touchscreen and you combine that with screen-shotting, you are actually seeing what the user is seeing and you get all the information that they're entering so this was the basis [for my research]."


What Hindocha has produced is a proof-of-concept piece of malware which can be used to infect Android smartphones and tablets as well as jailbroken iOS devices, though he doesn't believe that any cyber-criminal is currently using this technique - yet.

The malware monitors the smartphone or tablet it has infected and sends two streams of data back to the criminal controlling it. One stream features images of what is happening onscreen while the other contains the X-Y coordinates of exactly where on the screen the user touched.

In its current form the malware would not be of much use, Hindocha says, as it would require too much manual labour to sift through the huge amount of images produced by the screen-shotting. However, with a few tweaks the technique could be used in more targeted attacks:

"I think you have to target it more - be it against a specific system or a specific user or corporation." The security expert says he can envisage this type of malware being used against point of sale (PoS) devices or enterprises in combination with spear-phishing attacks.


We have recently seen PoS systems come under attack using RAM scraper malware, but as more and more retailers move away from using traditional cash registers and use online mobile payment systems like Square and mPowa – which are used with smartphones and tablets – Hindocha's malware could become much more effective.

While Hindocha has demos of the malware working on jailbroken iPhones and iPads, he hasn't been able to show it working on non-jailbroken devices - but believes it would work:

"I have working demos on jailbroken devices; I do believe it's been possible on non-jailbroken devices as well but, at least as far as I've discovered, it can only be done by relying heavily on private APIs which means that there is virtually no chance that that's going to pass [the App Store security] process."

Not just mobile

The potential implications of malware like this spreading are obvious - one billion smartphones were sold globally in 2013 - and Hindocha believes it could get a lot worse as the world moves more towards touch and away from keyboard and mouse:

"It is not just mobile devices, if you look what's happening with Windows 8 and the traditional computing side, that's moving into touchscreen as well. Laptops with touchscreens are common today and they are just increasing in numbers. Give it a few years and we will have kids growing up that don't know how to use anything but touchscreens."


Asked if he expects to see this type of malware in the wild at some point in 2014, Hindocha is hesitant to commit one way or another:

"I don't know. I think it's difficult to predict, I think it has to do with two things. The first one is how the mobile malware goes and I think the other thing is also how the apps are evolving as well."

The reason for Hindocha's doubt is that app developers have been quick to change the way users input security credentials, with recent developments seeing users asked to use picture passwords rather than text-based ones.

As for securing yourself against his own piece of malware, Hindocha's advice is simple:

"I think that, as with any security, the first step is you know that these problems are there, they are out there and they are actually workable today already."