Wednesday, May 7, 2025
HomeAndroidNewly Discovered Tap ’n Ghost Attack Let Hackers to Remotely Control Android...

Newly Discovered Tap ’n Ghost Attack Let Hackers to Remotely Control Android Smartphones

Published on

SIEM as a Service

Follow Us on Google News

A new attack dubbed Tap ‘n Ghost targets NFC enabled Android smartphones, let attackers to trigger malicious events on the victim’s smartphone and to take control over the smartphone remotely.

Nowadays, smartphones are used to interact with several networking devices that include wireless headphones, fitness devices, contactless payment systems, and other devices.

To connect with the networking devices smartphones are shipped with a number of cellular networks such as Wi-Fi, Bluetooth, and NFC. The new attack leverages the Near Field Communication (NFC) implementation of the Android OS version 4.1 or later.

- Advertisement - Google News

Researches from Waseda University proposed the Tap ’n Ghost attacks, and their survey with 300 respondents and a user study involving 16 participants shows that the attack is realistic.

Tap ’n Ghost Attack Techniques

With Tap ’n Ghost, researchers derived two attack techniques which let hackers trigger malicious events on the victim’s smartphone.

Tag-based Adaptive Ploy (TAP)

TAP attack works with a web server, it makes use of device fingerprinting and comprises NFC tag emulator and a single board computer with a Wi-Fi controller installed.

Once the victim phone comes near to the emulator, it reads the tag and launches the browser to open the malicious URL recorded in the NFC tag and the website employees the device fingerprinting about the victim device, based on the information computer determines the tag suited for the victim’s device.

“TAP system performs tailored attacks on the victim’s smartphone by employing device fingerprinting; e.g., popping up a customized dialog box asking whether or not to connect to an attacker’s Bluetooth mouse.”

Ghost Touch Generator

The attack relies on scattering the events around the original touch area, even if the victims want to touch a cancel button to disconnect from malicious Wi-Fi, the attack can make the system recognize as the touch of connect button.

“Ghost Touch Generator forces the victim to connect to the mouse even if she or he aimed to cancel the dialog by touching the “cancel” button; i.e., it alters the selection of a button on a screen,” reads the report.

The attack will succeed if it meets the following conditions

  • The smartphone comes with Android OS.
  • The smartphone is equipped with NFC.
  • The victim has enabled the NFC functionality.
  • The smartphone’s touchscreen controller is attackable
    with Ghost Touch Generator.
  • The victim has unlocked the smartphone when she or he
    brings it close to the Malicious Table.
  • Ghost Touch Generator attack has succeeded.

Attackers could use this new attack method to launch targeted attacks; a successful attack let hackers steal confidential information from the company.

Mitigations

These attacks can be prevented if the user authentication process is added before the Android OS launches applications recorded in an NFC tag.

Researchers noted that some touchscreen controllers stopped working when a strong electric field was applied. Although these observations are not conclusive, we conjecture that the manufactures of these controllers may have installed mechanisms to stop the controllers upon detection of external noises.

“Our attack is a proof-of-concept; we provide possible countermeasures that will thwart the threats. We believe that the concept of our attacks sheds new light on the security research of mobile/IoT devices,” researchers concluded.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Free tool to Check Website Security, Mobile app, SSL Security & Phishing Test

Hackers Abuse GitHub Service to Host Variety of Phishing Kits to Steal Login Credentials

Google to Block Logins From Embedded Browser Frameworks to Protect From Phishing & MitM Attacks

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by...

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution,...

CISA Warns of Cyber Threats to Oil and Gas SCADA and ICS Networks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert warning critical...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by...

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution,...