Keylogger tracks typing on smartphones, tablets


By analyzing the pitch, yaw and roll paths during onscreen keyboard input, two security researchers from the University of California, Davis have put together a keylogger that relies on nothing more than a smartphone's (or a tablet's) built-in accelerometer.

Hao Chen and Lian Cai detailed their findings in a presentation at the HotSec '11 conference last month, where they unveiled an Android application called TouchLogger to demonstrate their research. The researchers claim that TouchLogger has an accuracy of 71.5 percent when used on a 10-key number touch-screen input, though this figure drops when used with a much more cramped QWERTY keyboard.

The heart of the problem is that advanced sensors such as the accelerometer or gyroscope are not traditionally considered security vectors. Given their benign reputation, API access to their data tends to be readily available across various platforms.

The ubiquity of touchscreen interfaces, however, may mean that these sensors could be exploited to tap into user input as part of an undetectable "side channel" attack. Mike Keller from PCWorld suggested that "at the very least, smartphone OSes should consider deploying an allow/deny mechanism for gyro data as they do for GPS location."

With new operating systems such as Windows 8 said to support both touch (tablets) and the traditional desktop, built-in accelerometers and gyroscopes look set to be standard hardware in future devices.

Titled "TouchLogger: Inferring Keystrokes on Touch Screen From Smartphone Motion," the white paper can be downloaded here (.pdf).

For more:
- check out this article at PCWorld
- check out this article at InformationWeek
