Academics abuse NFC-enabled devices with capacitive touchscreens to induce fake screen taps.
Modern Android smartphones are susceptible to a new type of attack named "Tap 'n Ghost" that can induce fake finger taps to take unwanted actions.
The attack exploits flaws at both the software and hardware level and has been proven to work even against the most recent smartphone models.
It works against most NFC-enabled smartphones with capacitive touchscreens -- which is the most common smartphone touchscreen technology today.
Generating fake screen taps
The Tap 'n Ghost attack -- discovered and documented by three academics from the Waseda University in Tokyo -- works using an attack rig that consists of a 5mm thick copper sheet connected to a DDS signal generator, a high-voltage transformer, a battery pack, NFC readers/writers, and a small computer (laptop, Raspberry Pi).
This rig might look bulky, but the research team says it can be embedded inside regular tables, coffee tables, or any other furniture object on which a victim might place their smartphone.