PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices

ABSTRACT
The pervasive use of mobile devices, i.e., smartphones and tablet computers, together with their large number of sensors, represents a plethora of side channels that pose a serious threat to the user's privacy and security. In this paper, we propose a new type of side channel based on the ambient-light sensor employed in today's mobile devices. While recent work in this area has focused on motion sensors, the camera, and sound, we investigate a less obvious source of information leakage, namely the ambient light. We demonstrate that minor tilts and turns of a mobile device cause variations in the ambient-light sensor readings. Furthermore, we show that these variations leak enough information to infer a user's personal identification number (PIN) input, given a set of known candidate PINs. Our results clearly show that we are able to determine the correct PIN (out of a set of 50 random PINs) within the first ten guesses about 80% of the time. In contrast, the chance of finding the right PIN by randomly guessing ten PINs would be 20%. Since the data required to perform such an attack can be gathered without any specific permissions or privileges, the presented attack seriously jeopardizes the security and privacy of mobile-device owners.
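The abstract states two numbers that are easy to misread: a top-10 success rate of about 80% and a random-guess baseline of 20% for 50 candidate PINs. The following simulation, added here as an illustration and not the paper's own code, data or classifier, makes both concrete from a defender's point of view. It constructs a toy model in which each key press on a 3x4 keypad produces one ambient-light (lux) reading that depends on the key's row and column (the keypad geometry, the gain constants and the noise model are assumptions), builds a per-PIN template by averaging constructed training traces, ranks candidates by Euclidean distance, and measures top-k accuracy. It then applies a simple mitigation, coarsening the sensor values during PIN entry, and shows that with sufficiently coarse readings the ranking collapses to the 20% random-guess baseline. The function names (`light_trace`, `build_templates`, `rank_pins`, `top_k_accuracy`) are hypothetical.

```python
"""Constructed simulation of template matching on ambient-light traces.

This is an added illustration; it does not reproduce the paper's data or
classifier.  All sensor values are synthetic.
"""
import math
import random

# Assumed keypad geometry: digit -> (row, col) on a standard 3x4 phone keypad.
KEYPAD = {
    "1": (0, 0), "2": (0, 1), "3": (0, 2),
    "4": (1, 0), "5": (1, 1), "6": (1, 2),
    "7": (2, 0), "8": (2, 1), "9": (2, 2),
    "0": (3, 1),
}
BASE_LUX = 300.0   # assumed ambient level with the device held flat
ROW_GAIN = 6.0     # assumed lux change per keypad row (forward tilt)
COL_GAIN = 2.0     # assumed lux change per keypad column (sideways roll)


def make_pins(n, rng):
    """Draw n distinct 4-digit PINs (constructed candidate set)."""
    return [f"{v:04d}" for v in rng.sample(range(10000), n)]


def light_trace(pin, noise_sd, rng):
    """One synthetic lux reading per key press of `pin`."""
    trace = []
    for d in pin:
        row, col = KEYPAD[d]
        trace.append(BASE_LUX + ROW_GAIN * row + COL_GAIN * col + rng.gauss(0, noise_sd))
    return trace


def quantize(trace, bucket):
    """Mitigation: round each reading down to a multiple of `bucket` lux."""
    return [math.floor(v / bucket) * bucket for v in trace]


def build_templates(pins, samples, noise_sd, rng, bucket=None):
    """Average `samples` training traces per PIN into one template."""
    templates = {}
    for pin in pins:
        runs = [light_trace(pin, noise_sd, rng) for _ in range(samples)]
        if bucket:
            runs = [quantize(r, bucket) for r in runs]
        templates[pin] = [sum(col) / samples for col in zip(*runs)]
    return templates


def rank_pins(observed, templates):
    """Rank candidates by Euclidean distance; ties keep insertion order."""
    return sorted(templates, key=lambda p: math.dist(observed, templates[p]))


def top_k_accuracy(pins, templates, k, noise_sd, rng, bucket=None):
    """Fraction of PINs whose fresh trace ranks the true PIN in the top k."""
    hits = 0
    for pin in pins:
        obs = light_trace(pin, noise_sd, rng)
        if bucket:
            obs = quantize(obs, bucket)
        if pin in rank_pins(obs, templates)[:k]:
            hits += 1
    return hits / len(pins)


def random_guess_baseline(k, n):
    """Chance of hitting the right PIN with k guesses out of n candidates."""
    return k / n


if __name__ == "__main__":
    rng = random.Random(7)
    pins = make_pins(50, rng)
    print("random-guess baseline, 10 of 50:", random_guess_baseline(10, 50))
    for noise_sd in (0.0, 2.0, 8.0):
        t = build_templates(pins, 5, noise_sd, rng)
        print(f"noise_sd={noise_sd}: top-10 accuracy",
              top_k_accuracy(pins, t, 10, noise_sd, rng))
    # Mitigation: coarsen readings so every trace looks alike during PIN entry.
    t = build_templates(pins, 5, 2.0, rng, bucket=10000)
    print("coarsened to one bucket: top-10 accuracy",
          top_k_accuracy(pins, t, 10, 2.0, rng, bucket=10000))
```

With no noise the templates are exact and the true PIN always ranks first; as the noise grows the top-10 rate falls toward the baseline. The mitigation shown is deliberately crude (a single bucket makes all traces identical, so the ranking is pure tie-breaking and the hit rate is exactly 10/50); a real platform would more plausibly suspend or rate-limit sensor delivery to background apps while a secure input field has focus, which has the same effect on the attacker's view.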