by unixpickle 1483 days ago
> We can inject targeted taps continuously with a standard deviation of as low as 14.6 x 19.2 pixels from the target area, a delay of less than 0.5s and a distance of up to 40mm

Seems like 40mm isn't a very far distance. I understand that this is a PoC, but it seems like making this work from a distance is more "important" than having a low delay or super accurate precision.

3 comments

This is because capacitive touchscreens are inherently a near-field phenomenon. They are designed to detect extremely small capacitances (<fF) at relatively low frequencies (<500kHz) and relatively low voltage (<5V) at high report rates (>120Hz) in the presence of very significant display noise (5-10V >1nF coupling). They require >120dB of out-of-band rejection to operate. Cost per transceiver is ~$0.01.

They fundamentally measure the channel between arrays of neighboring electrodes. That makes them self-shielding (like a Faraday shield) since they typically are designed to be relatively immune to uniform changes in coupling. From any distance comparable to the size of the touch screen, the differential coupling to electrodes falls off exponentially. Near the screen they fall off 1/d, then 1/d^n dominates farther out.

In order to avoid interfering with other parts of the device, they tend to be highly encoded narrowband signals and change (to known good) frequencies when they detect interference. That makes most narrowband techniques less effective. High voltage impulsive noise is most likely to have an effect, but triggering ESD detection/rejection might create a sweet spot in amplitude.

At 40 mm, it seems basically useless as an attack in almost all circumstances.

However, I wouldn't write it off completely, because if somebody else can extend its distance further then I can see it becoming a concerning attack.

I'd agree, requiring in-room access makes it not that big a deal. There are other attacks (like measuring the radiated emissions) to detect finger coupling remotely that I'd be more concerned about. Those could detect private user input and could be hidden nearby.

If it's enough distance to penetrate your pocket (which I'd say is more like 3 mm), it may have interesting implications.

Touchscreen should be off in your pocket.

All phones I’ve used in the last years turn on when you tap the touchscreen once or twice while it’s off.

(Hopefully) most phones are locked when they are woken up.

Call the target, screen turns on, ghosttouch to answer before it even rings.

Why would the screen turn on in your pocket? Smartphones have light/proximity sensors to turn off the (touch)screen when you put it near your head so that you don't tap things with your ear. It should not turn on. If it does, it's programmed badly.