An Indirect Eavesdropping Attack of Keystrokes on Touch Screen through Acoustic Sensing

@article{Yu2021AnIE,
  title={An Indirect Eavesdropping Attack of Keystrokes on Touch Screen through Acoustic Sensing},
  author={Jiadi Yu and Li Lu and Yingying Chen and Yanmin Zhu and L. Kong},
  journal={IEEE Transactions on Mobile Computing},
  year={2021},
  volume={20},
  pages={337-351}
}
  • Jiadi YuLi Lu L. Kong
  • Published 1 February 2021
  • Computer Science
  • IEEE Transactions on Mobile Computing
This paper demonstrates the feasibility of a side-channel attack to infer keystrokes on touch screen leveraging an off-the-shelf smartphone. Although there exist some studies on keystroke eavesdropping attacks on touch screen, they are mainly direct eavesdropping attacks, i.e., require the device of victims compromised to provide side-channel information for the adversary, which are hardly launched in practical scenarios. In this work, we show the practicability of an indirect eavesdropping… 

Thwarting Unauthorized Voice Eavesdropping via Touch Sensing in Mobile Systems

This work first design eavesdropping apps through native development and injection development to conduct eavesdropping attacks on a series of smart devices, and proposes a valid eavesdropping detection (EarDet) scheme based on the discovery that the activation of voice function in most apps requires authorization from the user by touching a specific voice icon.

MagHacker: eavesdropping on stylus pen writing via magnetic sensing from commodity mobile devices

MagHacker is a new sensing system that realizes such eavesdropping attack over commodity mobile devices, which monitor and analyze the magnetic field being produced by the stylus pen's internal magnet.

EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers

Recent trends in smartphone manufacturers that include ex-tra/powerful speakers in place of small ear speakers are explored, and the feasibility of using motion sensors to capture such tiny speech vibrations is demonstrated, to examine the potential to elicit private speech information from the minute vibrations.

Behavioral Acoustic Emanations: Attack and Verification of PIN Entry Using Keypress Sounds

A side-channel attack on a 4–6 digit random PIN key, and a PIN key user verification method that can improve the security of PIN entry devices.

EchoHand: High Accuracy and Presentation Attack Resistant Hand Authentication on Commodity Mobile Devices

EchoHand is presented, a high accuracy and presentation attack resistant authentication scheme that complements camera-based 2-dimensional hand geometry recognition of one hand with active acoustic sensing of the other holding hand and defeats presentation attacks.

Push the Limit of WiFi-based User Authentication towards Undefined Gestures

  • Hao KongLi Lu F. Lyu
  • Computer Science
    IEEE INFOCOM 2022 - IEEE Conference on Computer Communications
  • 2022
This work design an adversarial learning-based model, which suppresses specific gesture characteristics, and extracts invariant individual uniqueness unrelated to specific body gestures, to authenticate users in a gesture-independent manner.

Behavioral Model For Live Detection of Apps Based Attack

An application-based attack modeling and attack detection scheme is proposed and a novel attack vulnerability is identified based on the app execution on the smartphone.

PhoneyTalker: An Out-of-the-Box Toolkit for Adversarial Example Attack on Speaker Recognition

PhoneyTalker is proposed, an out-of-the-box toolkit for any adversary to generate universal and transferable adversarial examples with low complexity, releasing the requirement for professional background and specialized equipment.

WiPOS: A POS Terminal Password Inference System Based on Wireless Signals

The WiPOS, a password inference system based on wireless signals, is put forward, a device-free system that uses two commercial off-the-shelf (COTS) devices to collect WiFi signals and achieves improvement on both keystroke recognition and password prediction.

Smartphone-based Handwritten Signature Verification using Acoustic Signals

SonarSign is presented, an on-line handwritten signature verification system based on inaudible acoustic signals that can achieve accurate and robust signatures verification with an AUC of 98.02% and an EER of 5.79% for unseen users.

References

SHOWING 1-10 OF 44 REFERENCES

No Training Hurdles: Fast Training-Agnostic Attacks to Infer Your Typing

This paper discovers that it is possible to design keystroke eavesdropping attacks without requiring the training phase, and creates this attack based on the channel state information extracted from wireless signal, which establishes a mapping between typing each letter and its respective environmental change.

PatternListener: Cracking Android Pattern Lock Using Acoustic Signals

Motivated by an observation that fingertip motions on the screen of a mobile device can be captured by analyzing surrounding acoustic signals on it, this work proposes PatternListener, a novel acoustic attack that cracks pattern lock by leveraging and analyzing imperceptible acoustic signals reflected by the fingertip.

Context-free Attacks Using Keyboard Acoustic Emanations

This work uses off-the-shelf smartphones to record acoustic emanations from keystrokes and estimates keystroke' physical positions based on the Time Difference of Arrival (TDoA) method, and shows that more than 72.2\% of keystroked can be successfully recovered.

Blind Recognition of Touched Keys on Mobile Devices

This work is the first to automatically and blindly recognize random passwords (or passcodes) typed on the touch screen of mobile devices with a very high success rate.

LipPass: Lip Reading-based User Authentication on Smartphones Leveraging Acoustic Signals

  • Li LuJiadi Yu Minglu Li
  • Computer Science
    IEEE INFOCOM 2018 - IEEE Conference on Computer Communications
  • 2018
This paper proposes a lip reading-based user authentication system, LipPass, which extracts unique behavioral characteristics of users' speaking lips leveraging build-in audio devices on smartphones for user authentication.

TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion

This work describes a new side channel, motion, on touch screen smartphones with only soft keyboards, and developed TouchLogger, an Android application that extracts features from device orientation data to infer keystrokes.

When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals

A novel and practical keystroke inference framework that allows an attacker to infer the sensitive keystrokes on a mobile device through WiFi-based side-channel information and can recover the key with a high successful rate is presented.

Messages behind the sound: real-time hidden acoustic signal capture with smartphones

Dolphin ensures real-time unobtrusive speaker-microphone data communication without affecting the primary audio-hearing experience for human users, while, at the same time, it overcomes the main limitations of existing screen-camera links.

Keystroke Recognition Using WiFi Signals

It is shown for the first time that WiFi signals can also be exploited to recognize keystrokes, which is critical for ensuring the security of computer systems and the privacy of human users as what being typed could be passwords or privacy sensitive information.

Lip Reading-Based User Authentication Through Acoustic Sensing on Smartphones

A lip reading-based user authentication system, LipPass, which extracts unique behavioral characteristics of users’ speaking mouths through acoustic sensing on smartphones for user authentication and develops a balanced binary tree-based authentication approach to accurately identify each individual.