Analyzing and Defending <monospace>GhostTouch</monospace> Attack Against Capacitive Touchscreens

Capacitive touchscreens have become the primary human-machine interface for personal devices such as smartphones and tablets. In this article, we present <monospace>GhostTouch</monospace>, the first active contactless attack against capacitive touchscreens. <monospace>GhostTouch</monospace> uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the requirement to physically touch it. By tuning the parameters of the electromagnetic signal and adjusting the antenna, we can inject two types of basic touch events, taps and swipes, into targeted locations of the touchscreen and control them to manipulate the underlying device. We successfully launch the<monospace>GhostTouch</monospace> attacks on nine smartphone models. We can inject targeted taps continuously with a standard deviation of as low as <inline-formula><tex-math notation="LaTeX">$14.6 \times 19.2$</tex-math><alternatives><mml:math><mml:mrow><mml:mn>14</mml:mn><mml:mo>.</mml:mo><mml:mn>6</mml:mn><mml:mo>×</mml:mo><mml:mn>19</mml:mn><mml:mo>.</mml:mo><mml:mn>2</mml:mn></mml:mrow></mml:math><inline-graphic xlink:href="ji-ieq1-3352593.gif"/></alternatives></inline-formula> pixels from the target area, and a distance of up to <inline-formula><tex-math notation="LaTeX">$\text{40}\; {\text mm}$</tex-math><alternatives><mml:math><mml:mrow><mml:mtext>40</mml:mtext><mml:mspace width="0.277778em"/><mml:mrow><mml:mtext>m</mml:mtext><mml:mi>m</mml:mi></mml:mrow></mml:mrow></mml:math><inline-graphic xlink:href="ji-ieq2-3352593.gif"/></alternatives></inline-formula>. We show the real-world impact of the <monospace>GhostTouch</monospace> attacks in a few proof-of-concept scenarios, including pressing the button, answering an eavesdropping phone call, and swiping up to unlock. Finally, we propose touchscreen reinforcement and attack detection mechanisms to mitigate the threat of <monospace>GhostTouch</monospace> attack.