GhostTouch: Targeted Attacks on Touchscreens without Physical Touch

We discussed this vulnerability as part of our weekly podcast on 31 May 2022.

The gist of this attack is using a hidden electromagnetic interference generator to inject fake touch points into a touch screen without physically touching the device, including through other materials (a table). It’s an interesting attack, though the exact mechanisms of it are beyond me.

There are a handful of limitations I’ll call out, though. All of the testing happened within a range of 0 to 15 mm, so still very close to the device. The device itself would emit an audible coil buzz (42 dB at 20 cm above the table) that was described as about as loud as a refrigerator’s hum. There is also the alignment issue, which I don’t believe this study dealt with at all. It could inject specific touches and gestures but required the phone to be positioned relative to the device. In a real-world scenario, perfect placement might be rather challenging.

However, none of these seem like impossible problems to solve with further research, and as a proof of concept it’s a fun attack.