Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN

@article{Wang2016FriendOF,
  title={Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN},
  author={Chen Wang and Xiaonan Guo and Yan Wang and Yingying Chen and Bo Liu},
  journal={Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security},
  year={2016}
}
  • Chen Wang, Xiaonan Guo, Bo Liu
  • Published 30 May 2016
  • Computer Science
  • Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown its great potential on monitoring and inferring human daily activities. [] Key Method Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence. Extensive experiments are conducted with over 5000 key entry traces collected from 20 adults for key-based security systems (i.e. ATM keypads and…
View on ACM
dl.acm.org
109 Citations
Highly Influential Citations
11
Background Citations
57
Methods Citations
17
Results Citations
2

109 Citations

Citation Type

Citation Type

Personal PIN Leakage from Wearable Devices
TLDR
This paper reveals a serious security breach of wearable devices in the context of divulging secret information while people are accessing key-based security systems, and is the first technique that reveals personal PINs leveraging wearable devices without the need for labeled training data and contextual information.
aLeak: Privacy Leakage through Context - Free Wearable Side-Channel
  • Yang Liu, Zhenjiang Li
  • Computer Science
    IEEE INFOCOM 2018 - IEEE Conference on Computer Communications
  • 2018
TLDR
The key contribution of this paper is to fully demonstrate, more importantly alarm people, the further risks of typing privacy leakage in much more generalized context-free scenarios, which are related to most of us for the daily usage of mobile devices.
Inferring smartphone keypress via smartwatch inertial sensing
TLDR
This paper finds that the possibility of extracting the location of a user's touch-event on a smartphone, using the inertial sensor data of a smartwatch worn by the user on the same arm, and can infer the user's entry pattern on a qwerty keyboard, is possible.
Information Leakage through Mobile Motion Sensors: User Awareness and Concerns
TLDR
A structured and comprehensive user-study involving users from diverse demographic backgrounds is conducted to investigate userawareness and perceptions related to mobile motion sensor based privacy risks, and how these vary across different demographics, and insight is gained on users’ expectations from defense mechanisms that can protect against such attacks.
Adaptive Human–Machine Interactive Behavior Analysis With Wrist-Worn Devices for Password Inference
TLDR
A self-adaptive and pretraining-independent pattern attack that infers a graphical password by recovering the victim’s hand movement trajectory via motion sensors of a wrist-worn smart device and an inference algorithm to generate password candidates from hand movement trajectories for different keypad input settings is presented.
Towards Inferring Mechanical Lock Combinations using Wrist-Wearables as a Side-Channel
TLDR
Evaluation results from these experiments demonstrate that motion data from wrist-wearables can be effectively employed as a side-channel to significantly reduce the unlock combination search-space of commonly found combination locks, thus compromising the physical security provided by these locks.
Designing Leakage-Resilient Password Entry on Head-Mounted Smart Wearable Glass Devices
TLDR
This paper designs three practical anti-eavesdropping password entry schemes on stand-alone smart glasses, named gTapper, gRotator and gTalker, which are found to be easy-to-use without additional hardware under various test conditions.
From Electromyogram to Password
TLDR
This article presents a study on side-channel information leakage of the most popular gesture control device, Myo, and shows that there is severe privacy leakage from these commodity wearable sensors.
My(o) Armband Leaks Passwords
TLDR
This work takes a thorough look at the potential of using electromyographic (EMG) data, a sensor modality which has lately gained attention in the context of wearables for augmented reality (AR), for a keylogging side-channel attack using the Myo Armband to collect the sensor data.
WebLogger: Stealing your personal PINs via mobile web application
TLDR
A novel ensemble learning algorithm based on weighted voting to improve the keystroke inferring accuracy in low sensors sampling rate is proposed and a prototype system named WebLogger is developed to demonstrate the possibility of inferring the PIN numbers or passwords entered by mobile phone users from mobile web application silently.
...
...

References

SHOWING 1-10 OF 25 REFERENCES
When Good Becomes Evil: Keystroke Inference with Smartwatch
TLDR
A new and practical side-channel attack to infer user inputs on keyboards by exploiting sensors in smartwatch is presented and a significant accuracy improvement is achieved compared to the previous works, especially of the success rate of finding the correct word in the top 10 candidates.
Tapprints: your finger taps have fingerprints
TLDR
The location of screen taps on modern smartphones and tablets can be identified from accelerometer and gyroscope readings, and TapPrints, a framework for inferring the location of taps on mobile device touch-screens using motion sensor data combined with machine learning analysis is presented.
Beware, Your Hands Reveal Your Secrets!
TLDR
A new breed of side-channel attack on the PIN entry process on a smartphone which entirely relies on the spatio-temporal dynamics of the hands during typing to decode the typed text and is very likely to be adopted by adversaries who seek to stealthily steal sensitive private information.
TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors
TLDR
This paper utilizes an installed trojan application to stealthily monitor the movement and gesture changes of a smartphone using its on-board motion sensors and presents the design and implementation of TapLogger, a trojanApplication for the Android platform, which stealthily logs the password of screen lock and the numbers entered during a phone call.
A fast eavesdropping attack against touchscreens
TLDR
This paper presents an automatic attack against modern touchscreen keyboards that detects, tracks, and rectifies the target touchscreen, thus following the device or camera's movements and eliminating possible perspective distortions and rotations.
MoLe: Motion Leaks through Smartwatch Sensors
TLDR
It is found that when motion signal processing is combined with patterns in English language, the leakage is substantial and merits awareness, especially in light of various continuous sensing apps that are emerging in the app market.
User Verification Leveraging Gait Recognition for Smartphone Enabled Mobile Healthcare Systems
TLDR
This paper proposes a user verification system leveraging unique gait patterns derived from acceleration readings to detect possible user spoofing in mobile healthcare systems and shows that the framework can be implemented in two ways: user-centric and server-centric, and it is robust to not only random but also mimic attacks.
(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers
TLDR
It is demonstrated that an application with access to accelerometer readings on a modern mobile phone can use such information to recover text entered on a nearby keyboard, and the potential to recover significant information from the vicinity of a mobile device without gaining access to resources generally considered to be the most likely sources of leakage.
Ubiquitous keyboard for small mobile devices: harnessing multipath fading for fine-grained keystroke localization
TLDR
UbiK, an alternative portable text-entry method that allows user to make keystrokes on conventional surfaces, e.g., wood desktop, and extracts and optimizes the location-dependent multipath fading features from the audio signals, and takes advantage of the dual-microphone interface to improve signal diversity.
ClearShot: Eavesdropping on Keyboard Input from Video
TLDR
This paper presents a novel approach to automatically recovering the text being typed on a keyboard, based solely on a video of the user typing, and developed a number of novel techniques for motion tracking, sentence reconstruction, and error correction.
...
...