Friday, January 21, 2011

The Sound of a Credit Card

Via ESET Threat Blog -

A recent article at describes how an attack against Android based phones might be able to capture you credit card information even when you speak it into the phone. The interesting thing about this proof of concept is not that the application can capture voice details, but rather that it uses a second application to transmit the captured information.

Google designed Android so that certain communications were limited between applications, but the researchers found a way around that. Instead of directly sending the information from one program to another, they use a clever form of Morse code. Morse code was probably the first widely accepted binary form of communications. Dots and dashes are no different than ones and zeros. One application changes something like the screen brightness and another reads the screen brightness. Let’s say that full illumination is a dot, and anything less is a dash. By making minor modifications in how bright the screen is a lot of data can be transferred between programs without the user probably noticing it.

It will be interesting to see if this attack can be used against other smart phones as well.

No comments:

Post a Comment