Inferring Keystrokes on Touch Screen from Smartphone Motion Liang Cai and Hao Chen UC Davis Security Problems on Smartphones Old problems Malware Software bugs Information leak ID: 273667
Download Presentation The PPT/PDF document "TouchLogger" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion
Liang
Cai
and
Hao
Chen
UC DavisSlide2
Security Problems on SmartphonesOld problemsMalwareSoftware bugsInformation leak
…
New problems
How can attackers exploit sensors?Slide3
Sensors on SmartphonesPrivacy-sensitive sensorsMicrophonesCamerasGPS
Are motion sensors privacy-sensitive?
Accelerometers
GyroscopesSlide4
Traditional KeyloggersIntercepting key eventsE.g., Trojan programsUsing out of channelsAcoustic frequency signatures of keys
Timing between keystrokes
Electromagnetic emanations of keystrokes
Work well on physical keyboards
But not on software keyboardsSlide5
Keylogger for Soft KeyboardNew out of band channel on smartphonesAccelerometers
Gyroscopes
Insight: motion sensor data can infer keystrokesSlide6
Threat ModelKeylogger can read motion sensorMost users do NOT regard motion sensors as sensitive data sourceW3C’s
DeviceOrientation
Event Specification allows web applications to read motion sensors via JavaScript
supported by both Android 3.0 and
iOS
4.2
User does NOT place phone on fixed surfaceSlide7
Modeling Typing-Induced MotionShift is affected byStriking force of the typing fingerResistance force of the supporting handRotation is affected by
Landing location of the typing finger
Location of the supporting hand on the phone
We observe
Shift is more likely user dependent
Rotation is more likely user independentSlide8
Device OrientationDevice orientation event consists ofα: Device rotates along z-axis (perpendicular to the screen plane)β: Device rotates along x-axis (parallel to the shorter side of screen)
γ
: Device rotates along y-axis (parallel to the longer side of screen)
We use only
β
and
γSlide9
Feature ExtractionSlide10
Feature ExtractionSlide11
EvaluationHTC Evo 4G smartphoneDigits 0 … 9 on number-only soft keyboardSlide12
ResultsCollected 3 datasets2 smaller datasets for trainingThe largest dataset (449 keystrokes) for testingCorrectly inferred 321 out of 449 (71.5%) keystrokes.Slide13
Detailed Inference ResultsSlide14
Training Set SizeSlide15
ConclusionMotion sensors on smart phones may reveal keystrokesNeed to protect motion sensors as diligently as other sensors