Cyber security researchers at Tokyo-based Waseda University unveiled a novel attack named Tap ‘n Ghost, which targets Near Field Communication (NFC) enabled devices including smartphones, voting machines, ATMs and kiosks.
How can the attacker control your phone?
Through a malicious wireless network: the attacker takes control of the victim's phone over a Wi-Fi connection.
When the attacker targets the victim through a malicious Wi-Fi connection, a pop-up dialogue box appears. The victim will try to cancel the action, but the tap is actually registered as permitting it, which allows the attacker to access the phone.
According to a website, “Tap ‘n Ghost” aims to attack the touchscreens of NFC-enabled mobile devices such as smartphones. Tap ‘n Ghost consists of two striking attack techniques – “Tag-based Adaptive Ploy (TAP)” and “Ghost Touch Generator.” First, using an NFC card emulator embedded in a common object such as a table, a TAP system performs tailored attacks on the victim’s smartphone by employing device fingerprinting.
After the connection is established, the attacker can remotely take control of the smartphone, with the knowledge about the layout of the screen derived from the device fingerprinting.
What Does the Tap ‘n Ghost Attack Do?
It allows an attacker to take control of a victim's phone. Researchers revealed that it is not limited to NFC-enabled Android devices, but also applies to a host of NFC-capable touchscreen devices such as voting machines, ATMs and kiosks.
“Using an NFC card emulator embedded in a common object such as a table, a TAP system performs tailored attacks on the victim’s smartphone by employing device fingerprinting; e.g., popping up a customized dialogue box asking whether or not to connect to an attacker’s Bluetooth mouse. Further, Ghost Touch Generator forces the victim to connect to the mouse even if she or he aimed to cancel the dialogue by touching the ‘cancel’ button,” the researchers wrote.
“Device fingerprinting is useful to infer the language used for the device; the information can be used to display a dialog box with a misleading message to the victim,” according to the paper. “The fingerprint information can also be used for displaying a dialog box with a suitable message, which needs to be adaptive to the vendor-specific customization.”
“Upon receiving a pop-up dialog box, the victim will try to cancel the action by tapping the cancel button. The Malicious Table will start the Ghost Touch Generator attack to alter the selection of the buttons,” they said.
“We found that we can intentionally cause the malfunction by generating an electric field near the capacitive touchscreen controller, using an electric circuit that can produce large alternating voltage,” the researchers wrote.
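On the defensive side, a device or kiosk can inspect what an NFC tag asks for before any connection dialog is shown. The following is an added example, not code from the researchers or the paper: it parses an NDEF message and flags records that would start a Bluetooth or Wi-Fi connection flow. It assumes the dialog is triggered by an NDEF record carrying one of the standard connection handover MIME types (the page does not name the record format); chunked records are not reassembled, and the sample tags are constructed.

```python
import struct

# MIME record types used for NFC connection handover (Bluetooth SIG, Wi-Fi Alliance).
PAIRING_TYPES = {
    b"application/vnd.bluetooth.ep.oob": "Bluetooth pairing",
    b"application/vnd.bluetooth.le.oob": "Bluetooth LE pairing",
    b"application/vnd.wfa.wsc": "Wi-Fi configuration",
}
TNF_MIME = 0x02  # Type Name Format value for RFC 2046 media types

def parse_ndef(msg: bytes):
    """Yield (tnf, type, payload) for every record in an NDEF message."""
    pos = 0
    while pos < len(msg):
        try:
            flags, type_len = msg[pos], msg[pos + 1]
            pos += 2
            if flags & 0x10:                      # SR: 1-byte payload length
                payload_len = msg[pos]
                pos += 1
            else:                                 # otherwise 4 bytes, big-endian
                payload_len = struct.unpack_from(">I", msg, pos)[0]
                pos += 4
            id_len = 0
            if flags & 0x08:                      # IL: ID length field present
                id_len = msg[pos]
                pos += 1
        except (IndexError, struct.error):
            raise ValueError("truncated NDEF header") from None
        end = pos + type_len + id_len + payload_len
        if end > len(msg):
            raise ValueError("record length exceeds message")
        yield flags & 0x07, msg[pos:pos + type_len], msg[pos + type_len + id_len:end]
        pos = end
        if flags & 0x40:                          # ME: last record of the message
            break

def pairing_records(msg: bytes):
    """Return a label for each record that would start a pairing/connection flow."""
    return [PAIRING_TYPES[t.lower()] for tnf, t, _ in parse_ndef(msg)
            if tnf == TNF_MIME and t.lower() in PAIRING_TYPES]

def _record(tnf: int, rtype: bytes, payload: bytes) -> bytes:
    """Build a single short record (MB, ME and SR set); used for the samples only."""
    return bytes([0xC0 | 0x10 | tnf, len(rtype), len(payload)]) + rtype + payload

# Constructed sample tags, not captured from a real device.
URI_TAG = _record(0x01, b"U", b"\x04example.com")
BT_TAG = _record(TNF_MIME, b"application/vnd.bluetooth.ep.oob", b"\x08\x00" + bytes(6))
```

A policy built on `pairing_records` could drop such tags outright on unattended devices, or require an unlock and a second confirmation step before the connection dialog is acted on.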