ACCessory: password inference using accelerometers on smartphones

@inproceedings{Owusu2012ACCessoryPI,
  title={ACCessory: password inference using accelerometers on smartphones},
  author={Emmanuel Owusu and Jun Han and Sauvik Das and A. Perrig and J. Zhang},
  booktitle={HotMobile '12},
  year={2012}
}
We show that accelerometer readings are a powerful side channel that can be used to extract entire sequences of entered text on a smart-phone touchscreen keyboard. This possibility is a concern for two main reasons. First, unauthorized access to one's keystrokes is a serious invasion of privacy as consumers increasingly use smartphones for sensitive transactions. Second, unlike many other sensors found on smartphones, the accelerometer does not require special privileges to access on current… Expand
TextLogger: inferring longer inputs on touch screen using motion sensors
TLDR
The feasibility of inferring long user inputs to readable sentences from motion sensor data is shown, which shows that more sensitive information about the device owners can be exposed by applying text mining technology on the inferred text. Expand
AlphaLogger: detecting motion-based side-channel attack using smartphone keystrokes
TLDR
AlphaLogger is developed and evaluated - an Android-based application that infers the alphabet keys being typed on a soft keyboard that can be inferred with an accuracy of 90.2% using accelerometer, gyroscope, and magnetometer. Expand
Practicality of accelerometer side channels on smartphones
TLDR
This paper demonstrates how to use the accelerometer sensor to learn user tap- and gesture-based input as required to unlock smartphones using a PIN/password or Android's graphical password pattern and develops sample rate independent features for accelerometer readings based on signal processing and polynomial fitting techniques. Expand
Secure Keyboards Against Motion Based Keystroke Inference Attack
TLDR
Two kinds of countermeasures against this attack by introducing vibration noise in sensor readings and dynamics in the keyboard layout, respectively are presented, which can effectively reduce the attackers’ keystroke inference accuracy without significantly hurting the typing efficiency. Expand
Side-Channel Inference Attacks on Mobile Keypads Using Smartwatches
TLDR
Experimental evaluation using commercial off-the-shelf smartwatches and smartphones show that key press inference using smartwatch motion sensors is not only fairly accurate, but also comparable with similar attacks using smartphone motion sensors. Expand
Type and Leak Your Ethnicity on Smartphones
TLDR
The side channel attack presented in this work demonstrates another potential privacy vulnerability which could be exploited by malicious apps for targeted activities such as advertisements. Expand
KeySens: Passive User Authentication through Micro-behavior Modeling of Soft Keyboard Interaction
TLDR
This paper proposes a novel passive authentication method, and model the micro-behavior of mobile users’ interaction with their devices’ soft keyboard, showing that the way a user types reflects their unique physical and behavioral characteristics. Expand
Your Eyes Reveal Your Secrets: An Eye Movement Based Password Inference on Smartphone
TLDR
A novel side-channel based keystroke inference framework to infer sensitive inputs on smartphone from video recordings of victim's eye patterns captured from smartphone front camera, and a novel algorithm to extract sensitive eye images from video streams, and classify these images with Support Vector Classification. Expand
GazeRevealer: Inferring Password Using Smartphone Front Camera
TLDR
A novel side-channel based keystroke inference framework to infer sensitive inputs on smartphone from video recordings of victim's eye patterns captured from smartphone front camera, and a novel algorithm to extract sensitive eye pattern images from video streams, and classify different eye patterns with Support Vector Classification. Expand
Inferring smartphone keypress via smartwatch inertial sensing
TLDR
This paper finds that the possibility of extracting the location of a user's touch-event on a smartphone, using the inertial sensor data of a smartwatch worn by the user on the same arm, and can infer the user's entry pattern on a qwerty keyboard, is possible. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 32 REFERENCES
TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion
  • Liang Cai, Hao Chen
  • Computer Science
  • HotSec
  • 2011
TLDR
This work describes a new side channel, motion, on touch screen smartphones with only soft keyboards, and developed TouchLogger, an Android application that extracts features from device orientation data to infer keystrokes. Expand
ACComplice: Location inference using accelerometers on smartphones
TLDR
It is demonstrated that accelerometers can be used to locate a device owner to within a 200 meter radius of the true location and are comparable to the typical accuracy for handheld global positioning systems. Expand
(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers
TLDR
It is demonstrated that an application with access to accelerometer readings on a modern mobile phone can use such information to recover text entered on a nearby keyboard, and the potential to recover significant information from the vicinity of a mobile device without gaining access to resources generally considered to be the most likely sources of leakage. Expand
Defending against sensor-sniffing attacks on mobile phones
TLDR
This work explores the vulnerability where attackers snoop on users by sniffing on their mobile phone sensors, such as the microphone, camera, and GPS receiver, and proposes a general framework for such solutions. Expand
Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones
TLDR
This work presents Soundcomber, a Trojan with few and innocuous permissions, that can extract a small amount of targeted private information from the audio sensor of the phone, and performs efficient, stealthy local extraction, thereby greatly reducing the communication cost for delivering stolen data. Expand
Timing Analysis of Keystrokes and Timing Attacks on SSH
TLDR
A statistical study of users' typing patterns is performed and it is shown that these patterns reveal information about the keys typed, and that timing leaks open a new set of security risks, and hence caution must be taken when designing this type of protocol. Expand
Inferring Identity Using Accelerometers in Television Remote Controls
We show that accelerometers embedded in a television remote control can be used to distinguish household members based on the unique way each person wields the remote. This personalization capabilityExpand
Keyboard acoustic emanations
We show that PC keyboards, notebook keyboards, telephone and ATM pads are vulnerable to attacks based on differentiating the sound emanated by different keys. Our attack employs a neural network toExpand
"Are You with Me?" - Using Accelerometers to Determine If Two Devices Are Carried by the Same Person
TLDR
A method to determine if two devices are carried by the same person, by analyzing walking data recorded by low-cost MEMS accelerometers using the coherence function, a measure of linear correlation in the frequency domain, is presented. Expand
Keyboard acoustic emanations revisited
TLDR
A novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard, and then recovering up to 96% of typed characters, without any need for a labeled training recording is presented. Expand
...
1
2
3
4
...