Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN
@article{Wang2016FriendOF, title={Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN}, author={Chen Wang and Xiaonan Guo and Yan Wang and Yingying Chen and Bo Liu}, journal={Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security}, year={2016} }
The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown its great potential on monitoring and inferring human daily activities. [] Key Method Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence. Extensive experiments are conducted with over 5000 key entry traces collected from 20 adults for key-based security systems (i.e. ATM keypads and…
Figures from this paper
107 Citations
Personal PIN Leakage from Wearable Devices
- Computer ScienceIEEE Transactions on Mobile Computing
- 2018
This paper reveals a serious security breach of wearable devices in the context of divulging secret information while people are accessing key-based security systems, and is the first technique that reveals personal PINs leveraging wearable devices without the need for labeled training data and contextual information.
aLeak: Privacy Leakage through Context - Free Wearable Side-Channel
- Computer ScienceIEEE INFOCOM 2018 - IEEE Conference on Computer Communications
- 2018
The key contribution of this paper is to fully demonstrate, more importantly alarm people, the further risks of typing privacy leakage in much more generalized context-free scenarios, which are related to most of us for the daily usage of mobile devices.
Inferring smartphone keypress via smartwatch inertial sensing
- Computer Science2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops)
- 2017
This paper finds that the possibility of extracting the location of a user's touch-event on a smartphone, using the inertial sensor data of a smartwatch worn by the user on the same arm, and can infer the user's entry pattern on a qwerty keyboard, is possible.
Information Leakage through Mobile Motion Sensors: User Awareness and Concerns
- Computer Science
- 2017
A structured and comprehensive user-study involving users from diverse demographic backgrounds is conducted to investigate userawareness and perceptions related to mobile motion sensor based privacy risks, and how these vary across different demographics, and insight is gained on users’ expectations from defense mechanisms that can protect against such attacks.
Adaptive Human–Machine Interactive Behavior Analysis With Wrist-Worn Devices for Password Inference
- Computer ScienceIEEE Transactions on Neural Networks and Learning Systems
- 2018
A self-adaptive and pretraining-independent pattern attack that infers a graphical password by recovering the victim’s hand movement trajectory via motion sensors of a wrist-worn smart device and an inference algorithm to generate password candidates from hand movement trajectories for different keypad input settings is presented.
Towards Inferring Mechanical Lock Combinations using Wrist-Wearables as a Side-Channel
- Computer ScienceWISEC
- 2018
Evaluation results from these experiments demonstrate that motion data from wrist-wearables can be effectively employed as a side-channel to significantly reduce the unlock combination search-space of commonly found combination locks, thus compromising the physical security provided by these locks.
Designing Leakage-Resilient Password Entry on Head-Mounted Smart Wearable Glass Devices
- Computer ScienceIEEE Transactions on Information Forensics and Security
- 2021
This paper designs three practical anti-eavesdropping password entry schemes on stand-alone smart glasses, named gTapper, gRotator and gTalker, which are found to be easy-to-use without additional hardware under various test conditions.
From Electromyogram to Password
- Computer ScienceACM Trans. Intell. Syst. Technol.
- 2017
This article presents a study on side-channel information leakage of the most popular gesture control device, Myo, and shows that there is severe privacy leakage from these commodity wearable sensors.
My(o) Armband Leaks Passwords
- Computer ScienceProc. ACM Interact. Mob. Wearable Ubiquitous Technol.
- 2021
This work takes a thorough look at the potential of using electromyographic (EMG) data, a sensor modality which has lately gained attention in the context of wearables for augmented reality (AR), for a keylogging side-channel attack using the Myo Armband to collect the sensor data.
WebLogger: Stealing your personal PINs via mobile web application
- Computer Science2017 9th International Conference on Wireless Communications and Signal Processing (WCSP)
- 2017
A novel ensemble learning algorithm based on weighted voting to improve the keystroke inferring accuracy in low sensors sampling rate is proposed and a prototype system named WebLogger is developed to demonstrate the possibility of inferring the PIN numbers or passwords entered by mobile phone users from mobile web application silently.
References
SHOWING 1-10 OF 25 REFERENCES
When Good Becomes Evil: Keystroke Inference with Smartwatch
- Computer ScienceCCS
- 2015
A new and practical side-channel attack to infer user inputs on keyboards by exploiting sensors in smartwatch is presented and a significant accuracy improvement is achieved compared to the previous works, especially of the success rate of finding the correct word in the top 10 candidates.
Tapprints: your finger taps have fingerprints
- Computer ScienceMobiSys '12
- 2012
The location of screen taps on modern smartphones and tablets can be identified from accelerometer and gyroscope readings, and TapPrints, a framework for inferring the location of taps on mobile device touch-screens using motion sensor data combined with machine learning analysis is presented.
Beware, Your Hands Reveal Your Secrets!
- Computer ScienceCCS
- 2014
A new breed of side-channel attack on the PIN entry process on a smartphone which entirely relies on the spatio-temporal dynamics of the hands during typing to decode the typed text and is very likely to be adopted by adversaries who seek to stealthily steal sensitive private information.
TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors
- Computer ScienceWISEC '12
- 2012
This paper utilizes an installed trojan application to stealthily monitor the movement and gesture changes of a smartphone using its on-board motion sensors and presents the design and implementation of TapLogger, a trojanApplication for the Android platform, which stealthily logs the password of screen lock and the numbers entered during a phone call.
A fast eavesdropping attack against touchscreens
- Computer Science2011 7th International Conference on Information Assurance and Security (IAS)
- 2011
This paper presents an automatic attack against modern touchscreen keyboards that detects, tracks, and rectifies the target touchscreen, thus following the device or camera's movements and eliminating possible perspective distortions and rotations.
MoLe: Motion Leaks through Smartwatch Sensors
- Computer ScienceMobiCom
- 2015
It is found that when motion signal processing is combined with patterns in English language, the leakage is substantial and merits awareness, especially in light of various continuous sensing apps that are emerging in the app market.
User Verification Leveraging Gait Recognition for Smartphone Enabled Mobile Healthcare Systems
- Computer ScienceIEEE Transactions on Mobile Computing
- 2015
This paper proposes a user verification system leveraging unique gait patterns derived from acceleration readings to detect possible user spoofing in mobile healthcare systems and shows that the framework can be implemented in two ways: user-centric and server-centric, and it is robust to not only random but also mimic attacks.
(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers
- Computer ScienceCCS '11
- 2011
It is demonstrated that an application with access to accelerometer readings on a modern mobile phone can use such information to recover text entered on a nearby keyboard, and the potential to recover significant information from the vicinity of a mobile device without gaining access to resources generally considered to be the most likely sources of leakage.
Ubiquitous keyboard for small mobile devices: harnessing multipath fading for fine-grained keystroke localization
- Computer ScienceMobiSys
- 2014
UbiK, an alternative portable text-entry method that allows user to make keystrokes on conventional surfaces, e.g., wood desktop, and extracts and optimizes the location-dependent multipath fading features from the audio signals, and takes advantage of the dual-microphone interface to improve signal diversity.
ClearShot: Eavesdropping on Keyboard Input from Video
- Computer Science2008 IEEE Symposium on Security and Privacy (sp 2008)
- 2008
This paper presents a novel approach to automatically recovering the text being typed on a keyboard, based solely on a video of the user typing, and developed a number of novel techniques for motion tracking, sentence reconstruction, and error correction.