Marionette: Manipulate Your Touchscreen via a Charging Cable | IEEE Journals & Magazine | IEEE Xplore
Subscribe
ADVANCED SEARCH
Journals & Magazines >IEEE Transactions on Dependab... >Volume: 21 Issue: 4

Marionette: Manipulate Your Touchscreen via a Charging Cable

PDF
Yan Jiang; Xiaoyu Ji; Kai Wang; Chen Yan; Richard Mitev; Ahmad-Reza Sadeghi
All Authors

Abstract:

The security of capacitive touchscreens is crucial since they have become the primary human-machine interface on smart devices. This paper presents Marionette, the first ...Show More

Metadata

Abstract:

The security of capacitive touchscreens is crucial since they have become the primary human-machine interface on smart devices. This paper presents Marionette, the first wired attack that creates ghost touches on capacitive touchscreens via charging cables and can manipulate the victim's devices with undesired consequences, e.g., establishing malicious Bluetooth connections. Our study provides a new threat vector against touchscreens that only requires connecting to a malicious charging port, which could be a public charging station, and is effective across various USB data blockers and power adapters. Despite the fact that smartphones employ abundant noise reduction and voltage management techniques, we manage to inject carefully crafted signals that can induce ghost touches within a chosen range. The underlying principle is to inject common-mode noises over the power line to avoid being effectively filtered yet affecting the touch measurement mechanism and synchronize the malicious noise with the screen measurement scanning cycles to place the ghost touches at target locations. We achieve three types of attacks, i.e., injection, alteration, and Denial-of-Service, and the evaluation of 12 commercial electronics, 6 power adapters, and 13 charging cables demonstrate the feasibility of Marionette.
Published in: IEEE Transactions on Dependable and Secure Computing ( Volume: 21, Issue: 4, July-Aug. 2024)
Page(s): 3309 - 3323
Date of Publication: 20 October 2023

ISSN Information:

DOI: 10.1109/TDSC.2023.3326181

Funding Agency:

References is not available for this document.
Contents

I. Introduction

Capacitive touchscreens have been widely used in consumer electronic devices, e.g., smartphones, tablets, and even vehicles [1], [2]. Reliable touch operation becomes critical not only for usability but also for security. “Ghost Touch” has been reported in recent news, in which the touchscreen outputs fake touches and starts to control the smart device by itself yet the user does not impose any physical contacts on the screen at all [3], [4], [5], [6]. In one case [6], a charging smartphone was controlled by ghost touches and booked a presidential suite that cost more than a thousand dollars while the user was not aware of it. To the best of our knowledge, the phenomenon that controlled ghost touches appear on the charging devices has not been studied before, so it motivates us to dig into the trustworthiness of capacitive touchscreens under conducted EMI and their security implication on the victim devices.

Select All
1.
"Touch screen display market size covid-19 impact analysis regional analysis application development competitive landscape forecast 2021–2027", 2021, [online] Available: https://www.gminsights.com/industry-analysis/touch-screen-display-market.
Google Scholar
2.
H. Nam, K.-H. Seol, J. Lee, H. Cho and S. W. Jung, "Review of capacitive touchscreen technologies: Overview research trends and machine learning approaches", Sensors, vol. 21, 2021.
CrossRef Google Scholar
3.
"Why does my touch screen go crazy while charging?", 2019, [online] Available: https://forums.androidcentral.com/threads/why-does-my-touch-screen-go-crazy-while-charging.497397/#:∼:text=Re%3A%20touch%20screen%20issues%20whilefor%20at%20least%206%22.
Google Scholar
4.
"Touchscreen problems while charging", 2012, [online] Available: https://forum.xda-developers.com/showthread.php?t=1784773.
Google Scholar
5.
"Glitchy touchscreen caused by charger [closed]", 2013, [online] Available: https://electronics.stackexchange.com/questions/77631/glitchy-touchscreen-caused-by-charger.
Google Scholar
6.
"The cell phone being charged automatically booked a ten thousand yuan presidential suite and checked the chat history", 2018, [online] Available: http://www.nbd.com.cn/articles/2018–10-08/1260630.html.
Google Scholar
7.
S. Maruyama, S. Wakabayashi and T. Mori, "Tap ’n ghost: A compilation of novel attack techniques against smartphone touchscreens", Proc. IEEE Symp. Secur. Privacy, pp. 620-637, 2019.
View Article
Google Scholar
8.
K. Wang, R. Mitev, C. Yan, X. Ji, A.-R. Sadeghi and W. Xu, "GhostTouch: Targeted attacks on touchscreens without physical touch", Proc. 31st USENIX Secur. Symp., pp. 1543-1559, 2022.
Google Scholar
9.
H. Shan, B. Zhang, Z. Zhan, D. Sullivan, S. Wang and Y. Jin, "Invisible finger: Practical electromagnetic interference attack on touchscreen-based electronic devices", Proc. IEEE Symp. Secur. Privacy, pp. 1548-1548, 2022.
View Article
Google Scholar
10.
B. Zhang and S. Wang, "Analysis of the susceptibility of capacitive touchscreens to external electric field interference", Proc. Asia-Pacific Int. Symp. Electromagn. Compat., pp. 739-741, 2022.
View Article
Google Scholar
11.
H. Zhu, Z. Yu, W. Cao, N. Zhang and X. Zhang, "PowerTouch: A security objective-guided automation framework for generating wired ghost touch attacks on touchscreens", Proc. 41st IEEE/ACM Int. Conf. Comput.-Aided Des., pp. 1-9, 2022.
View Article
Google Scholar
12.
Z. Li, "Power management integrated circuits design functionality analysis and applications", 2005.
Google Scholar
13.
Y. Choi, N. Chang and T. Kim, "DC–DC converter-aware power management for low-power embedded systems", IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst., vol. 26, no. 8, pp. 1367-1381, Aug. 2007.
View Article
Google Scholar
14.
P. S. Crovetti and F. Fiori, "Distributed conversion of common-mode into differential-mode interference", IEEE Tran. Microw. Theory Techn., vol. 59, no. 8, pp. 2140-2150, Aug. 2011.
View Article
Google Scholar
15.
J. Zhou et al., "Measurement techniques to identify soft failure sensitivity to ESD", IEEE Trans. Electromagn. Compat., vol. 62, no. 4, pp. 1007-1016, Aug. 2020.
View Article
Google Scholar
16.
S. Yang et al., "Measurement techniques to predict the soft failure susceptibility of an IC without the aid of a complete software stack", Proc. IEEE Int. Symp. Electromagn. Compat., pp. 41-45, 2016.
View Article
Google Scholar
17.
"Synaptics Latest advances in touch and display integration for smartphones and tablets".
Google Scholar
18.
T. Vu et al., "Capacitive touch communication: A technique to input data through devices’ touch screen", IEEE Trans. Mobile Comput., vol. 13, no. 1, pp. 4-19, Jan. 2014.
View Article
Google Scholar
19.
S. -L. Huang, S. -Y. Hung and C. -P. Chen, "Frequency hopping and parallel driving with random delay especially suitable for the charger noise problem in mutual-capacitive touch applications", IEEE Access, vol. 7, pp. 3980-3993, 2019.
View Article
Google Scholar
20.
J. -Y. Ruan, C.-P. Chao and W. -D. Chen, "A multi-touch interface circuit for a large-sized capacitive touch panel", Proc. IEEE Sensors, pp. 309-314, 2010.
View Article
Google Scholar
21.
Y. Yoo and B.-D. Choi, "Readout Circuits for Capacitive Sensors", Micromachines, vol. 12, no. 8, 2021.
CrossRef Google Scholar
22.
M. Miyamoto, M. Hamaguchi and A. Nagao, "A 143 × 81 mutual-capacitance touch-sensing analog front-end with parallel drive and differential sensing architecture", IEEE J. Solid-State Circuits, vol. 50, no. 1, pp. 335-343, Jan. 2015.
View Article
Google Scholar
23.
M. G. Mohamed and H. W. Kim, "Concurrent driving method with fast scan rate for large mutual capacitance touch screens", J. Sensors, vol. 2015, 2015.
CrossRef Google Scholar
24.
S. P. Hotelling, C. H. Krah and B. Q. Huppi, "Multipoint touch surface controller", 2017.
Google Scholar
25.
H. Shin, S. Ko, H. Jang, I. Yun and K. Lee, "A 55db SNR with 240Hz frame scan rate mutual capacitor 30× 24 touch-screen panel read-out IC using code-division multiple sensing technique", Proc. IEEE Int. Solid-State Circuits Conf. Dig. Tech. Papers, pp. 388-389, 2013.
View Article
Google Scholar
26.
A. Ng and P. H. Dietz, "39.3: The need for speed in touch systems", Proc. SID Symp. Dig. Tech. Papers, pp. 547-550, 2013.
CrossRef Google Scholar
27.
G. Schwarz, "Development of a parallel and time interleaved multi-channel capacitance measurement system", Inst. Elect. Meas. Meas. Signal Process., vol. 10, 2016.
Google Scholar
28.
S. Aoki, T. Onogi and S. Yokoyama, "Charge conservation", 2021.
Google Scholar
29.
M. Miloudi, A. Bendaoud and H. Miloudi, "Common and differential modes of conducted electromagnetic interference in switching power converters", Revue Roumaine Sci. Technique–Électrotechnique. et Énergétique, vol. 62, no. 3, pp. 246-251, 2017.
Google Scholar
30.
M. Kaur, S. Kakar and D. Mandal, "Electromagnetic interference", Proc. 3rd Int. Conf. Electron. Comput. Technol., pp. 1-5, 2011.
View Article
Google Scholar
Contact IEEE to Subscribe
More Like This
Parallel High Capacitance Capacitors Connected With Flexible Electrodes for Enhancement of cECG Signal Quality

IEEE Sensors Journal

Published: 2023

Electrical Capacitance Tomography Sensor Using Internal Electrodes

IEEE Sensors Journal

Published: 2020

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.