A new academic study shows that a regular smartphone can act as a sonar system and steal sensitive information based on the victim’s finger movement on the screen.

Researchers from Lancaster and Linköping University set out to capture the unlock pattern of an Android phone (Samsung S4) using the principle of a sonar: emitting sound waves and catching their echoes produced as they bounce off nearby objects.

Phone works as a sonar

Named SonarSnoop, the framework they developed relies on the phone’s speakers to issue acoustic signals and its microphones to catch the reflections. In this regard, SonarSnoop is the first active acoustic side-channel attack because it does not wait for the victim to generate the acoustic signal.

The researchers explain that the speakers send an orthogonal frequency-division multiplexing (OFDM) signal at a frequency inaudible to most humans (18-20 kHz), so the user remains unaware of the audio activity.
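A defender-side check for the inaudible probe signal described above, as an added example that is not from the study or from SonarSnoop itself: it flags audio frames whose spectral power is concentrated in the 18-20 kHz band. The 48 kHz sample rate, 10 ms frame size, 0.5 threshold, all function names, and the three-tone burst standing in for an OFDM signal are assumptions.

```python
import math

SAMPLE_RATE = 48_000      # assumed capture rate in Hz; not stated on the page
BAND = (18_000, 20_000)   # probe band reported for SonarSnoop
FRAME = 480               # assumed 10 ms frame, giving 100 Hz bin spacing

def goertzel_power(frame, freq, rate=SAMPLE_RATE):
    """Power of the DFT bin nearest `freq`, via the Goertzel recurrence."""
    k = round(len(frame) * freq / rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(frame))
    s1 = s2 = 0.0
    for x in frame:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def band_ratio(frame, band=BAND, rate=SAMPLE_RATE):
    """Fraction of the frame's spectral power that lies inside `band`."""
    step = rate / len(frame)
    freqs = [i * step for i in range(1, len(frame) // 2)]  # skip DC, Nyquist
    powers = [goertzel_power(frame, f, rate) for f in freqs]
    total = sum(powers)
    if total == 0.0:
        return 0.0  # silent frame: nothing to attribute to any band
    inside = sum(p for f, p in zip(freqs, powers) if band[0] <= f <= band[1])
    return inside / total

def flag_frames(samples, threshold=0.5, frame=FRAME):
    """Indices of frames dominated by near-ultrasonic energy."""
    hits = []
    for i in range(0, len(samples) - frame + 1, frame):
        if band_ratio(samples[i:i + frame]) >= threshold:
            hits.append(i // frame)
    return hits

def tone_mix(freqs, n, rate=SAMPLE_RATE):
    """Constructed test signal: equal-amplitude sum of sinusoids."""
    return [sum(math.sin(2 * math.pi * f * t / rate) for f in freqs) for t in range(n)]

# Constructed input: frame 0 is an audible 1 kHz tone, frame 1 is a
# multi-carrier burst at 18.5/19/19.5 kHz (a simplified stand-in for the
# OFDM probe), frame 2 is silence.
capture = (tone_mix([1_000], FRAME)
           + tone_mix([18_500, 19_000, 19_500], FRAME)
           + [0.0] * FRAME)

if __name__ == "__main__":
    print(flag_frames(capture))
```

The threshold and frame size are starting points to tune against real captures from the device being monitored.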

When the objects around the phone are static, all returning echoes arrive at the same time; when the finger moves on the screen, a difference is observed.

“The received signals are represented by a so-called echo profile matrix which visualizes this shift and allows us to observe movement. Combining observed movement from multiple microphones allows us to estimate strokes and inflections,” the study clarifies.

Analyzing movement on the screen

The next stage, after generating the signal and collecting the data, is to process the signal. This step takes into consideration the position of the microphones on the device and aims to clear the artifacts that may interfere with data analysis.