ACCessory: password inference using accelerometers on smartphones

@inproceedings{Owusu2012ACCessoryPI,
  title={ACCessory: password inference using accelerometers on smartphones},
  author={Emmanuel Owusu and Jun Han and Sauvik Das and Adrian Perrig and Joy Ying Zhang},
  booktitle={Workshop on Mobile Computing Systems and Applications},
  year={2012}
}
We show that accelerometer readings are a powerful side channel that can be used to extract entire sequences of entered text on a smart-phone touchscreen keyboard. This possibility is a concern for two main reasons. First, unauthorized access to one's keystrokes is a serious invasion of privacy as consumers increasingly use smartphones for sensitive transactions. Second, unlike many other sensors found on smartphones, the accelerometer does not require special privileges to access on current… 
View on ACM
cmuchimps.org
386 Citations
Highly Influential Citations
32
Background Citations
201
Methods Citations
77
Results Citations
5

Figures and Tables from this paper

386 Citations

TextLogger: inferring longer inputs on touch screen using motion sensors

The feasibility of inferring long user inputs to readable sentences from motion sensor data is shown, which shows that more sensitive information about the device owners can be exposed by applying text mining technology on the inferred text.

AlphaLogger: detecting motion-based side-channel attack using smartphone keystrokes

AlphaLogger is developed and evaluated - an Android-based application that infers the alphabet keys being typed on a soft keyboard that can be inferred with an accuracy of 90.2% using accelerometer, gyroscope, and magnetometer.

Practicality of accelerometer side channels on smartphones

This paper demonstrates how to use the accelerometer sensor to learn user tap- and gesture-based input as required to unlock smartphones using a PIN/password or Android's graphical password pattern and develops sample rate independent features for accelerometer readings based on signal processing and polynomial fitting techniques.

Secure Keyboards Against Motion Based Keystroke Inference Attack

Two kinds of countermeasures against this attack by introducing vibration noise in sensor readings and dynamics in the keyboard layout, respectively are presented, which can effectively reduce the attackers’ keystroke inference accuracy without significantly hurting the typing efficiency.

Side-Channel Inference Attacks on Mobile Keypads Using Smartwatches

Experimental evaluation using commercial off-the-shelf smartwatches and smartphones show that key press inference using smartwatch motion sensors is not only fairly accurate, but also comparable with similar attacks using smartphone motion sensors.

Type and Leak Your Ethnicity on Smartphones

The side channel attack presented in this work demonstrates another potential privacy vulnerability which could be exploited by malicious apps for targeted activities such as advertisements.

Machine Learning for PIN Side-Channel Attacks Based on Smartphone Motion Sensors

It is shown that information about smartphone movements can lead to the identification of a Personal Identification Number (PIN) typed by the user, and the feasibility of PIN cyber-attacks based on motion sensors is shown.

GazeRevealer: Inferring Password Using Smartphone Front Camera

A novel side-channel based keystroke inference framework to infer sensitive inputs on smartphone from video recordings of victim's eye patterns captured from smartphone front camera, and a novel algorithm to extract sensitive eye pattern images from video streams, and classify different eye patterns with Support Vector Classification.

Inferring smartphone keypress via smartwatch inertial sensing

This paper finds that the possibility of extracting the location of a user's touch-event on a smartphone, using the inertial sensor data of a smartwatch worn by the user on the same arm, and can infer the user's entry pattern on a qwerty keyboard, is possible.

Using Unrestricted Mobile Sensors to Infer Tapped and Traced User Inputs

  • Trang Nguyen
  • Computer Science
    2015 12th International Conference on Information Technology - New Generations
  • 2015
This work demonstrates that it is indeed possible to recover both tap and trace inputted text using only motion sensor data and develops an application that can use the gyroscope and accelerometer to interpret what the user has written, even if trace input is used.
...

References

SHOWING 1-10 OF 25 REFERENCES

TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion

This work describes a new side channel, motion, on touch screen smartphones with only soft keyboards, and developed TouchLogger, an Android application that extracts features from device orientation data to infer keystrokes.

ACComplice: Location inference using accelerometers on smartphones

It is demonstrated that accelerometers can be used to locate a device owner to within a 200 meter radius of the true location and are comparable to the typical accuracy for handheld global positioning systems.

(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers

It is demonstrated that an application with access to accelerometer readings on a modern mobile phone can use such information to recover text entered on a nearby keyboard, and the potential to recover significant information from the vicinity of a mobile device without gaining access to resources generally considered to be the most likely sources of leakage.

Defending against sensor-sniffing attacks on mobile phones

This work explores the vulnerability where attackers snoop on users by sniffing on their mobile phone sensors, such as the microphone, camera, and GPS receiver, and proposes a general framework for such solutions.

Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones

This work presents Soundcomber, a Trojan with few and innocuous permissions, that can extract a small amount of targeted private information from the audio sensor of the phone, and performs efficient, stealthy local extraction, thereby greatly reducing the communication cost for delivering stolen data.

Timing Analysis of Keystrokes and Timing Attacks on SSH

A statistical study of users' typing patterns is performed and it is shown that these patterns reveal information about the keys typed, and that timing leaks open a new set of security risks, and hence caution must be taken when designing this type of protocol.

Keyboard acoustic emanations

We show that PC keyboards, notebook keyboards, telephone and ATM pads are vulnerable to attacks based on differentiating the sound emanated by different keys. Our attack employs a neural network to

"Are You with Me?" - Using Accelerometers to Determine If Two Devices Are Carried by the Same Person

A method to determine if two devices are carried by the same person, by analyzing walking data recorded by low-cost MEMS accelerometers using the coherence function, a measure of linear correlation in the frequency domain, is presented.

uWave: Accelerometer-based personalized gesture recognition and its applications

Stealthy video capturer: a new video-based spyware in 3G smartphones

This work designs a new video-based spyware, called Stealthy Video Capturer (SVC), which can secretly record video information for the third party, greatly compromising Smartphone users' privacy.