Hackers can now unlock phones from a distance using a terrifying new technique, experts have warned.
NordVPN has urged phone users to heighten their security amid a rise in ‘GhostTouch’ attacks that allow criminals to take control of a device from afar.
Attacks make use of electromagnetic signals to simulate taps on a touchscreen, meaning malicious users can secretly access personal data or even install malware.
Libraries, cafes and public lobbies are believed to be the main target areas for this form of attack, with users often oblivious to what is going on.
Adrianus Warmenhoven at NordVPN said: ‘Unfortunately, the most common places for touchscreen hacking are public places like libraries, cafes, or conference lobbies, where people place their smartphones face-down on the table.
NordVPN has urged phone users to heighten security in the face of GhostTouch attacks
‘The attackers prepare the equipment under the table in advance and launch the attack remotely. The user may not even notice that their gadget has been hacked.’
GhostTouch attacks can take place from a distance of up to 1.57 inches (40mm), with hackers having to know the make, model and device passcode.
While criminals often find passwords on the dark web, many just resort to snooping on a phone user in person.
Specialised equipment is then set up to emit well-matched electromagnetic signals that disrupt the phone’s usual behaviour.
In public, this is often hidden beneath a table in close proximity to the targeted victim.
Hackers can then inject fake touch points into a screen, simulating the usual swipes and taps of a phone.
So far, it has been proven to work on nine phone models including iPhone SE (2020), Samsung Galaxy S20 FE 5G, Redmi 8, and Nokia 7.2.
Not only can hacked devices unlock by themselves, but criminals can even answer calls on the user’s behalf.
Website URLs may open randomly too, while hackers look at bank details and other personal information.
NordVPN adds that attackers may also attempt man-in-the-middle attacks from a compromised device – involving the manipulation of communications between parties.
Any unusual Bluetooth or Wi-Fi connection may be a sign of this, with criminals often using a Bluetooth mouse to take control.
Jake Moore, a Global Security Advisor at ESET added: ‘This highly sophisticated attack is likely to only ever be used on targeted people in very specific circumstances. However, it is still important to remain vigilant to these attacks and to be aware of increasingly clever ways in which cybercriminals operate.
GhostTouch attacks use electromagnetic signals to access a phone from up to 40mm away
‘Whilst this technique can only activate target devices up to 4cm away, it highlights the ability of such new technology that allows threat actors to attack devices remotely. Although this may seem very unlikely now, the process used has the potential of improving in the future that would enable this tactic to be deployed from further distances.’
To protect yourself, NordVPN recommends that an extra wall of security should be put in place on phones.
On top of a secure password, this can include use of facial recognition, fingerprints or banking app pins to keep criminals locked out.
Keeping phones up-to-date can also help, NordVPN says, as packages often contain extra features to keep a device secure.
‘You can protect yourself against touchscreen attacks in several ways, from adding more security to your phone to being more vigilant in public places. Don’t leave your phone unattended, and you will very much lessen the chances of it being hacked,’ Mr Warmenhoven added.
Finally, software such as NordVPN’s Threat Protection can prevent hackers from installing malware onto a device even though it cannot prevent an attack itself.
READ MORE: I’m a cybersecurity expert – these are the common mistakes that could let hackers crack your passwords in SECONDS
Dropping numbers, symbols and letters into your passwords may convince you that your online accounts are secure.
Yet cybersecurity experts have warned that a six-character password containing all these attributes can instantly be cracked by hackers.
New research by Hive Systems shows that hackers can crack your password within seconds – even if it’s more than 10 characters long.
This is up to eight time faster than last year, which the researchers attribute to advances in technology.
‘The time has finally come where passwords are just no longer secure by themselves,’ said Alex Nette, CEO and Co-founder of Hive Systems.
Hackers can now crack complex passwords eight times faster than last year, findings show (Using MD5 has generator)
