ABSTRACT
Imagine a user typing on a laptop keyboard while wearing a smart watch. This paper asks whether motion sensors from the watch can leak information about what the user is typing. While its not surprising that some information will be leaked, the question is how much? We find that when motion signal processing is combined with patterns in English language, the leakage is substantial. Reported results show that when a user types a word $W$, it is possible to shortlist a median of 24 words, such that $W$ is in this shortlist. When the word is longer than $6$ characters, the median shortlist drops to $10$. Of course, such leaks happen without requiring any training from the user, and also under the (obvious) condition that the watch is only on the left hand. We believe this is surprising and merits awareness, especially in light of various continuous sensing apps that are emerging in the app market. Moreover, we discover additional "leaks" that can further reduce the shortlist -- we leave these exploitations to future work.
- Sandip Agrawal, Ionut Constandache, Shravan Gaonkar, Romit Roy Choudhury, Kevin Caves, and Frank DeRuyter, "Using mobile phones to write in air," in Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services. 2011, MobiSys '11, pp. 15--28, ACM. Google ScholarDigital Library
- Shahriar Nirjon, Jeremy Gummeson, Dan Gelb, and Kyu-Han Kim, "TypingRing: A wearable ring platform for text input," in Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services. 2015, MobiSys '15, pp. 227--239, ACM. Google ScholarDigital Library
- Jiayang Liu, Zhen Wang, Lin Zhong, J. Wickramasuriya, and V. Vasudevan, "uWave: Accelerometer-based personalized gesture recognition and its applications," in Pervasive Computing and Communications, 2009. PerCom 2009. IEEE International Conference on, March 2009, pp. 1--9. Google ScholarDigital Library
- Chao Xu, Parth H. Pathak, and Prasant Mohapatra, "Finger-writing with smartwatch: A case for finger and hand gesture recognition using smartwatch," in Proceedings of the 16th International Workshop on Mobile Computing Systems and Applications. 2015, HotMobile '15, pp. 9--14, ACM. Google ScholarDigital Library
- Abhinav Parate, Meng-Chieh Chiu, Chaniel Chadowitz, Deepak Ganesan, and Evangelos Kalogerakis, "Risq: Recognizing smoking gestures with inertial sensors on a wristband," in Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services. 2014, MobiSys '14, pp. 149--161, ACM. Google ScholarDigital Library
- Sangki Yun, Yi-Chao Chen, and Lili Qiu, "Turning a mobile device into a mouse in the air," in Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services. 2015, MobiSys '15, pp. 15--29, ACM. Google ScholarDigital Library
- "Word Frequency Data Set," http://www.wordfrequency.info/.Google Scholar
- "MATLAB Peak Analysis Library," http://www.mathworks.com/help/signal/examples/peak-analysis.html.Google Scholar
- "Camera Calibration Toolbox for Matlab," http://www.vision.caltech.edu/bouguetj/calib_doc/.Google Scholar
- Li Zhuang, Feng Zhou, and J. D. Tygar, "Keyboard acoustic emanations revisited," ACM Trans. Inf. Syst. Secur., vol. 13, no. 1, pp. 3:1--3:26, Nov. 2009. Google ScholarDigital Library
- Dmitri Asonov and Rakesh Agrawal, "Keyboard acoustic emanations," in Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium on, May 2004, pp. 3--11.Google Scholar
- Denis Foo Kune and Yongdae Kim, "Timing attacks on pin input devices," in Proceedings of the 17th ACM Conference on Computer and Communications Security. 2010, CCS '10, pp. 678--680, ACM. Google ScholarDigital Library
- Dawn Xiaodong Song, David Wagner, and Xuqing Tian, "Timing analysis of keystrokes and timing attacks on SSH," in Proceedings of the 10th Conference on USENIX Security Symposium - Volume 10. 2001, SSYM'01, USENIX Association. Google ScholarDigital Library
- Kevin S. Killourhy and Roy A. Maxion, "Comparing anomaly-detection algorithms for keystroke dynamics," in Dependable Systems Networks, 2009. DSN '09. IEEE/IFIP International Conference on, June 2009, pp. 125--134.Google Scholar
- "Key Sweeper," http://samy.pl/keysweeper/.Google Scholar
- Martin Vuagnoux and Sylvain Pasini, "Compromising electromagnetic emanations of wired and wireless keyboards," in Proceedings of the 18th Conference on USENIX Security Symposium. 2009, SSYM'09, pp. 1--16, USENIX Association. Google ScholarDigital Library
- Philip Marquardt, Arunabh Verma, Henry Carter, and Patrick Traynor, "(sp)iphone: Decoding vibrations from nearby keyboards using mobile phone accelerometers," in Proceedings of the 18th ACM Conference on Computer and Communications Security. 2011, CCS '11, pp. 551--562, ACM. Google ScholarDigital Library
- Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig, and Joy Zhang, "Accessory: Password inference using accelerometers on smartphones," in Proceedings of the Twelfth Workshop on Mobile Computing Systems and Applications. 2012, HotMobile '12, pp. 9:1--9:6, ACM. Google ScholarDigital Library
- Liang Cai and Hao Chen, "TouchLogger: Inferring keystrokes on touch screen from smartphone motion," in Proceedings of the 6th USENIX Conference on Hot Topics in Security. 2011, HotSec'11, pp. 9--9, USENIX Association. Google ScholarDigital Library
- Liang Cai and Hao Chen, "On the practicality of motion based keystroke inference attack," in Proceedings of the 5th International Conference on Trust and Trustworthy Computing. 2012, TRUST'12, pp. 273--290, Springer-Verlag. Google ScholarDigital Library
- Emiliano Miluzzo, Alexander Varshavsky, Suhrid Balakrishnan, and Romit Roy Choudhury, "Tapprints: Your finger taps have fingerprints," in Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services. 2012, MobiSys '12, pp. 323--336, ACM. Google ScholarDigital Library
- Yan Michalevsky, Dan Boneh, and Gabi Nakibly, "Gyrophone: Recognizing speech from gyroscope signals," in 23rd USENIX Security Symposium (USENIX Security 14). Aug. 2014, pp. 1053--1067, USENIX Association. Google ScholarDigital Library
Index Terms
- MoLe: Motion Leaks through Smartwatch Sensors
Recommendations
Identification of Cryptographic Vulnerability and Malware Detection in Android
Android based Smartphones are nowadays getting more popular. While using Smartphone, user is always concerned about security and malicious attacks, cryptographic vulnerability of the applications. With increase in the number of Android mobiles, Android ...
Information protection of end users on the web: privacy issues and measures
In the current world, everyone needs to be connected to the internet. However, as technology develops, online scammers also advance with technology. To protect private information, the end users must ensure their data is protected. There are ways of ...
Security Busters
URL blacklists are used by the majority of modern web browsers as a means to protect users from rogue web sites, i.e. those serving malware and/or hosting phishing scams. There is a plethora of URL blacklists/reputation services, out of which Google's ...
Comments