(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers

@inproceedings{Marquardt2011spiPhoneDV,
  title={(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers},
  author={Philip Marquardt and Arun Prakash Verma and Henry Carter and Patrick Traynor},
  booktitle={CCS '11},
  year={2011}
}
Mobile phones are increasingly equipped with a range of highly responsive sensors. From cameras and GPS receivers to three-axis accelerometers, applications running on these devices are able to experience rich interactions with their environment. Unfortunately, some applications may be able to use such sensors to monitor their surroundings in unintended ways. In this paper, we demonstrate that an application with access to accelerometer readings on a modern mobile phone can use such information… 
Keyboard Side Channel Attacks on Smartphones Using Sensor Fusion
TLDR
This paper explores how data from various sensors can be fused to improve the accuracy in recovering characters typed in a nearby mechanical keyboard from a smartphone by combining emanations recorded from multiple sensors available in a smartphone and fuse them to achieve higher accuracy than any single sensor.
Practicality of accelerometer side channels on smartphones
TLDR
This paper demonstrates how to use the accelerometer sensor to learn user tap- and gesture-based input as required to unlock smartphones using a PIN/password or Android's graphical password pattern and develops sample rate independent features for accelerometer readings based on signal processing and polynomial fitting techniques.
AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable
TLDR
This paper submits a hypothesis that smartphone/tablet accelerometers possess unique fingerprints, which can be exploited for tracking users, and believes that the fingerprints arise from hardware imperfections during the sensor manufacturing process, causing every sensor chip to respond differently to the same motion stimulus.
Keyboard Snooping from Mobile Phone Arrays with Mixed Convolutional and Recurrent Neural Networks
TLDR
It is concluded that, in order to launch a successful attack, the attacker would need advanced knowledge of the table from which a user types, and the style of keyboard on which a users types, which greatly limit the feasibility of such an attack to highly capable attackers.
TextLogger: inferring longer inputs on touch screen using motion sensors
TLDR
The feasibility of inferring long user inputs to readable sentences from motion sensor data is shown, which shows that more sensitive information about the device owners can be exposed by applying text mining technology on the inferred text.
Predicting Tap Locations on Touch Screens in the Field Using Accelerometer and Gyroscope Sensor Readings
TLDR
This work proposes TapSensing, a data acquisition system designed to collect touch screen tap event information with corresponding accelerometer and gyroscope readings that shows that smartphone motion sensors could potentially be used to comprise the user's privacy in any surrounding user’s interact with the devices.
Tapprints: your finger taps have fingerprints
TLDR
The location of screen taps on modern smartphones and tablets can be identified from accelerometer and gyroscope readings, and TapPrints, a framework for inferring the location of taps on mobile device touch-screens using motion sensor data combined with machine learning analysis is presented.
TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors
TLDR
This paper utilizes an installed trojan application to stealthily monitor the movement and gesture changes of a smartphone using its on-board motion sensors and presents the design and implementation of TapLogger, a trojanApplication for the Android platform, which stealthily logs the password of screen lock and the numbers entered during a phone call.
Using Unrestricted Mobile Sensors to Infer Tapped and Traced User Inputs
  • Trang Nguyen
  • Computer Science
    2015 12th International Conference on Information Technology - New Generations
  • 2015
TLDR
This work demonstrates that it is indeed possible to recover both tap and trace inputted text using only motion sensor data and develops an application that can use the gyroscope and accelerometer to interpret what the user has written, even if trace input is used.
PIN skimmer: inferring PINs through the camera and microphone
TLDR
It turns out to be difficult to prevent such side-channel attacks, so guidelines for developers to mitigate present and future side- channel attacks on PIN input are provided.
...
...

References

SHOWING 1-10 OF 52 REFERENCES
Compromising Electromagnetic Emanations of Wired and Wireless Keyboards
TLDR
It is concluded that most of modern computer keyboards generate compromising emanations (mainly because of the manufacturer cost pressures in the design), Hence, they are not safe to transmit confidential information.
Compromising Reflections-or-How to Read LCD Monitors around the Corner
TLDR
This work presents a novel eavesdropping technique that exploits reflections of the screen's optical emanations in various objects that one commonly finds in close proximity to the screen and uses those reflections to recover the original screen content.
Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones
TLDR
This work presents Soundcomber, a Trojan with few and innocuous permissions, that can extract a small amount of targeted private information from the audio sensor of the phone, and performs efficient, stealthy local extraction, thereby greatly reducing the communication cost for delivering stolen data.
From mobile phones to responsible devices
TLDR
This paper examines the requirements for providing effective mediation and access control for mobile phones, and argues for user devices that enable predictable behavior in a network—where their trusted computing bases can protect key applications and create predictable network impact.
Defending against sensor-sniffing attacks on mobile phones
TLDR
This work explores the vulnerability where attackers snoop on users by sniffing on their mobile phone sensors, such as the microphone, camera, and GPS receiver, and proposes a general framework for such solutions.
On lightweight mobile phone application certification
TLDR
The Kirin security service for Android is proposed, which performs lightweight certification of applications to mitigate malware at install time and indicates that security configuration bundled with Android applications provides practical means of detecting malware.
Keyboard acoustic emanations revisited
TLDR
An attack taking as input a 10-minute sound recording of a user typing English text using a keyboard and recovering up to 96% of typed characters is presented, using the statistical constraints of the underlying content, English language, to reconstruct text from sound recordings without knowing the corresponding clear text.
Mobile phones as computing devices: the viruses are coming!
TLDR
This work presents a taxonomy of attacks against mobile phones that shows known as well as potential attacks, and describes viruses, worms, and trojans specifically designed for the mobile environment.
Dictionary attacks using keyboard acoustic emanations
We present a dictionary attack that is based on keyboard acoustic emanations. We combine signal processing and efficient data structures and algorithms, to successfully reconstruct single words of
Optical time-domain eavesdropping risks of CRT displays
  • M. Kuhn
  • Physics
    Proceedings 2002 IEEE Symposium on Security and Privacy
  • 2002
TLDR
Experiments show that enough high-frequency content remains in the emitted light to permit the reconstruction of readable text by deconvolving the signal received with a fast photosensor, and that optical compromising emanations can be received even after diffuse reflection from a wall.
...
...