Using Accelerometer Data to Keylog Mobile Devices

ExtremeTech summarizes the work of University of California, Davis researchers Hao Chen and Lian Cai, who in a recent paper demonstrated how to keylog a mobile device using the data from its accelerometer. That might not be such a big deal except that, as ExtremeTech puts it,

This is significant because the data from accelerometers is not thought of as a potential attack vector, and is thus freely available to any application on any smartphone or tablet.

And, it gets even better (emphasis added),

Finally, it’s important to note that this side channel isn’t just a security hole in Android: accelerometer and gyroscope data is available through the DeviceOrientation API, which is implemented by all modern desktop (and laptop) browsers, and Android 3.0 and iOS 4.2. In other words, this current exploit would require you to install TouchLogger on your Android phone — but in theory, someone could take the work of Chen and Cai, implement it in JavaScript, and then use it to steal your login details and credit card info when you surf the web.

Just another day in the Securitypocalypse.
