Malware Uses Smartphone Accelerometers to Steal Keystrokes

19.10.2011

Other researchers have attempted to steal keystrokes using a phone's microphone, but there are drawbacks to that method. For example, microphones have a sampling frequency of 44,000 vibrations per second. This is much more difficult to analyze than an accelerometer, which samples at just 100 times per second.

Also, handset makers typically restrict app access to phone microphones. When an app tries to grab hold of the mic, your phone will usually ask you if you want that to happen. Such protections aren't placed around accelerometers.

How it Works

The malware builds a probabilistic model from pairs of consecutive keystrokes. For each pair, it determines whether each key is on the left or right side of the keyboard, and then whether the two keys are far apart or close together. After analyzing that data for a series of pairs, it compares what it has detected to a pre-loaded dictionary that classifies words based on left-right, near-far characteristics.

For example, the word "canoe" would consist of four pairs: C-A, A-N, N-O and O-E. The malware would interpret those strokes as Left-Left-Near (LLN), LRF, RRF and RLF. When that data is compared to the entries in the pre-loaded dictionary, a statistically probable result would be produced. In this case, "canoe."
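
The encoding and dictionary lookup described above can be sketched as follows. This is an added example, not the researchers' code; it shows how little each pair label carries and why the dictionary is needed to resolve a word. The key geometry, the left/right split, the 3-key-width near/far threshold and the word list are all assumptions made for the illustration.

```python
import math

# Assumed geometry (not from the article): QWERTY rows with the usual
# 0.25 / 0.75 key-width stagger, in units of one key width.
ROWS = [("qwertyuiop", 0.0), ("asdfghjkl", 0.25), ("zxcvbnm", 0.75)]
POS = {ch: (i + off, row) for row, (keys, off) in enumerate(ROWS)
       for i, ch in enumerate(keys)}
LEFT = set("qwertasdfgzxcvb")   # assumed left/right split
NEAR_LIMIT = 3.0                # assumed near/far threshold, in key widths

def profile(word):
    """One label per consecutive key pair: side, side, Near/Far."""
    labels = []
    for a, b in zip(word, word[1:]):
        sides = "".join("L" if k in LEFT else "R" for k in (a, b))
        near = math.dist(POS[a], POS[b]) < NEAR_LIMIT
        labels.append(sides + ("N" if near else "F"))
    return labels

def score(observed, candidate):
    """Fraction of per-pair features that agree (0.0 if lengths differ)."""
    if not observed or len(observed) != len(candidate):
        return 0.0
    hits = sum(o == c for obs, cand in zip(observed, candidate)
               for o, c in zip(obs, cand))
    return hits / (3 * len(observed))

def rank(observed, dictionary):
    """Dictionary words ordered from most to least probable match."""
    scored = [(score(observed, profile(w)), w) for w in dictionary]
    return sorted((s for s in scored if s[0] > 0), key=lambda s: (-s[0], s[1]))

def collisions(dictionary):
    """Groups of words the encoding cannot tell apart."""
    groups = {}
    for w in dictionary:
        groups.setdefault(tuple(profile(w)), []).append(w)
    return [g for g in groups.values() if len(g) > 1]

# Constructed sample dictionary, not the researchers' word list.
WORDS = ["canoe", "camel", "candy", "table", "house", "was", "wad"]

if __name__ == "__main__":
    print(profile("canoe"))
    print(rank(["LLN", "LRF", "RRN", "RLF"], WORDS)[:3])  # one label misread
    print(collisions(WORDS))
```

Under these assumptions the second call still ranks "canoe" first even though one near/far label was misread, while "was" and "wad" produce identical profiles and cannot be separated by the encoding alone.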