Shuo Wang and Team Warn Against the Dangers of the ‘Invisible Finger’

Dr. Shuo Wang

Add the ‘invisible finger’ to the growing list of potential hacking attacks against which our devices need to be defended. ECE researcher Dr. Shuo Wang and his security research group at the Warren B. Nelms Institute for the Connected World have been making the rounds of late, showcasing their research to Apple, Intel, Google and the like. They also presented at BlackHat 2022. What’s the big commotion? It turns out that touchscreen-based electronic devices are vulnerable to intentional electromagnetic interference (IEMI) attacks.

Interviewed in PCMag, a member of Dr. Wang’s team, ECE PhD student Haoqi Shan explained:

“This is a remote precise touch injection attack against capacitive touch screens using an IEMI (intentional electromagnetic interference) signal,” he said. “Our attack has an effective range of three to four centimeters. We can induce a short tap, a long-press, or a swipe in any direction.”

Though research in this area is still in its infancy, Dr. Wang’s research highlights an important vulnerability that is not widely considered—false touch.

Four of the paper authors at the IEEE Security & Privacy Conference 2022. (L-R): Zihao Zhan, Haoqi Shan, Shuo Wang, Dean Sullivan.

The paper that started it all, “Invisible Finger: Practical Electromagnetic Interference Attack on Touchscreen-based Electronic Devices” was authored by Dr. Wang along with ECE PhD students Haoqi Shan, Boyi Zhang, Zihao Zhan, former ECE Associate Professor Yier Jin, and University of New Hampshire Assistant Professor Dean Sullivan. The paper won a Distinguished Paper Award at the 2022 IEEE Symposium on Security and Privacy, and is making waves worldwide. Global media outlets such as Vice, PCMag, New Scientist, and Digital Information World have picked up the story, sensing the importance of the research. Since the (at this point) theoretical attacks work on the capacitive screens themselves, not the operating systems or hardware at the heart of the devices, the particular platform is irrelevant—iOS, Android, and Windows devices would be equally vulnerable.