DOI: 10.1145/2185448.2185465
research-article

TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors

Published: 16 April 2012

ABSTRACT

Today's smartphones are shipped with various embedded motion sensors, such as the accelerometer, gyroscope, and orientation sensors. These motion sensors are useful in supporting mobile UI innovation and motion-based commands. However, they also bring potential risks of leaking users' private information, as they allow third-party applications to monitor the motion changes of smartphones.

In this paper, we study the feasibility of inferring a user's tap inputs to a smartphone with its integrated motion sensors. Specifically, we utilize an installed trojan application to stealthily monitor the movement and gesture changes of a smartphone using its on-board motion sensors. When the user is interacting with the trojan application, it learns the motion change patterns of tap events. Later, when the user is performing sensitive inputs, such as entering passwords on the touchscreen, the trojan application applies the learnt pattern to infer the occurrence of tap events on the touchscreen as well as the tapped positions on the touchscreen.

For demonstration, we present the design and implementation of TapLogger, a trojan application for the Android platform, which stealthily logs the password of screen lock and the numbers entered during a phone call (e.g., credit card and PIN numbers). Statistical results are presented to show the feasibility of such inferences and attacks.

Published in

WISEC '12: Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
April 2012
216 pages
ISBN: 9781450312653
DOI: 10.1145/2185448

Copyright © 2012 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery
New York, NY, United States

Acceptance Rates

Overall Acceptance Rate: 98 of 338 submissions, 29%
