Smartphones work very hard to keep your keystrokes secure, but now there’s a new way for malware to get at them. Researchers at IBM and Penn State have developed a new kind of trojan that tracks what you type into your phone using only your phone’s motion sensors.
TapLogger is the app they’ve put together as proof of concept. It works by logging not the actual data generated by your keystrokes, but where on your screen you tapped, and cross referencing that with how it lines up with the digital keyboard. It can narrow down a four-digit PIN to just a few possibilities 100 per cent of the time, and a six-digit PIN at an 80 per cent clip. There’s no equivalent trojan in the wild just yet — as far as we know — but load this onto the pile of things to be worried about. [PSU via Ars Technica]