Xiangyu Liu
ABSTRACT
One rising trend in today's consumer electronics is the wearable devices, e.g., smartwatches. With tens of millions of smartwatches shipped, however, the security implications of such devices are not fully understood. Although previous studies have pointed out some privacy concerns about the data that can be collected, like personalized health information, the threat is considered low as the leaked data is not highly sensitive and there is no real attack implemented. In this paper we investigate a security problem coming from sensors in smartwatches, especially the accelerometer. The results show that the actual threat is much beyond people's awareness. Being worn on the wrist, the accelerometer built within a smartwatch can track user's hand movements, which makes inferring user inputs on keyboards possible in theory. But several challenges need to be addressed ahead in the real-world settings: e.g., small and irregular hand movements occur persistently during typing, which degrades the tracking accuracy and sometimes even overwhelms useful signals.
In this paper, we present a new and practical side-channel attack to infer user inputs on keyboards by exploiting sensors in smartwatch. Novel keystroke inference models are developed to mitigate the negative impacts of tracking noises. We focus on two major categories of keyboards: one is numeric keypad that is generally used to input digits, and the other is QWERTY keyboard on which a user can type English text. Two prototypes have been built to infer users' banking PINs and English text when they type on POS terminal and QWERTY keyboard respectively. Our results show that for numeric keyboard, the probability of finding banking PINs in the top 3 candidates can reach 65%, while for QWERTY keyboard, a significant accuracy improvement is achieved compared to the previous works, especially of the success rate of finding the correct word in the top 10 candidates.
- Android wear. https://developer.android.com/wear/index.html.Google Scholar
- As smartwatches gain traction, personal data privacy worries mount. http://www.computerworld.com/article/2925311/wearables/as-smartwatches-gain-traction-personal-data-privacy-worries-mount.html.Google Scholar
- Bbc news. http://www.bbc.com/news/.Google Scholar
- Cancer patients with depression 'are being overlooked'. http://www.bbc.com/news/health-28954661.Google Scholar
- The corncob list of more than 58 000 english words. http://www.mieliestronk.com/wordlist.html.Google Scholar
- Cubic spline data interpolation. http://www.mathworks.com/help/matlab/ref/spline.html.Google Scholar
- 'deaths averted' at hospitals put into special measures. http://www.bbc.com/news/health-31166211.Google Scholar
- Detrending data. http://www.mathworks.com/help/matlab/data_analysis/detrending-data.html.Google Scholar
- Ebola crisis: Experimental vaccine 'shipped to liberia'. http://www.bbc.com/news/health-30943377.Google Scholar
- Invensense. http://www.invensense.com/.Google Scholar
- Is it acceptable to wear a watch on the right wrist? http://www.askandyaboutclothes.com/forum/showthread.php?116570-Is-it-acceptable-to-wear-a-watch-on-the-right-wrist.Google Scholar
- Learn how to touch type. http://www.ratatype.com/learn/.Google Scholar
- A new wave of gadgets can collect your personal information like never before. http://www.businessinsider.com.au/privacy-fitness-trackers-smartwatches-2014--10.Google Scholar
- Personal identification number. https://en.wikipedia.org/wiki/Personal_identification_number.Google Scholar
- Poor water and hygiene 'kills mothers and newborns'. http://www.bbc.com/news/health-30452226.Google Scholar
- Pos terminals e530 pos. http://landicorp.en.frbiz.com/group-pos_systems/34719013-pos_terminals_e530_pos.html.Google Scholar
- Watch handedness. https://en.wikipedia.org/wiki/Watch#Handedness.Google Scholar
- why wear a watch on the wrist where you're hand dominant http://www.reddit.com/r/Watches/comments/1wzub5/question_why_wear_a_watch_on_the_wrist_where/.Google Scholar
- Annett, M. Handedness and brain asymmetry: The right shift theory. Psychology Press, 2002.Google Scholar
- Asonov, D., and Agrawal, R. Keyboard acoustic emanations. In IEEE Symposium on Security and Privacy (2004), IEEE Computer Society.Google ScholarCross Ref
- Backes, M., Chen, T., Duermuth, M., Lensch, H., and Welk, M. Tempest in a teapot: Compromising reflections revisited. In Security and Privacy, 2009 30th IEEE Symposium on (2009), IEEE, pp. 315--327. Google ScholarDigital Library
- Backes, M., Durmuth, M., and Unruh, D. Compromising reflections-or-how to read lcd monitors around the corner. In Security and Privacy, 2008. SP 2008. IEEE Symposium on (2008), IEEE, pp. 158--169. Google ScholarDigital Library
- Berger, Y., Wool, A., and Yeredor, A. Dictionary attacks using keyboard acoustic emanations. In Proceedings of the 13th ACM conference on Computer and communications security (2006), ACM, pp. 245--254. Google ScholarDigital Library
- Bianchi-Berthouze, N. Understanding the role of body movement in player engagement. Human-Computer Interaction 28, 1 (2013), 40--75.Google Scholar
- Electronics, L. Lg g watch | powered by android wear. http://www.lg.com/global/gwatch/one/index.html#main, 2015.Google Scholar
- Fothergill, S., Mentis, H., Kohli, P., and Nowozin, S. Instructing people for training gestural interactive systems. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (2012), ACM, pp. 1737--1746. Google ScholarDigital Library
- Friedman, N., Rowe, J. B., Reinkensmeyer, D. J., and Bachman, M. The manumeter: A wearable device for monitoring daily use of the wrist and fingers.Google Scholar
- Kwon, D. Y., and Gross, M. A framework for 3d spatial gesture design and modeling using a wearable input device. In Wearable Computers, 2007 11th IEEE International Symposium on (2007), IEEE, pp. 23--26. Google ScholarDigital Library
- Li, Z., Feng, Z., and Tygar, J. Keyboard acoustic emanations revisited. In Proceedings of the 12th ACM Conference on Computer and Communications Security (2005). Google ScholarDigital Library
- Liang, C., and Chen, H. Touchlogger: inferring keystrokes on touch screen from smartphone motion. In 6th USENIX Conference on Hot Topics in Security, HotSec (2011). Google ScholarDigital Library
- Luinge, H. J., and Veltink, P. H. Measuring orientation of human body segments using miniature gyroscopes and accelerometers. Medical and Biological Engineering and computing 43, 2 (2005), 273--282.Google Scholar
- Marquardt, P., Verma, A., Carter, H., and Traynor, P. (sp) iphone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In Proceedings of the 18th ACM conference on Computer and communications security (2011), ACM, pp. 551--562. Google ScholarDigital Library
- Miluzzo, E., Varshavsky, A., Balakrishnan, S., and Choudhury, R. R. Tapprints: your finger taps have fingerprints. In Proceedings of the 10th international conference on Mobile systems, applications, and services (2012), ACM, pp. 323--336. Google ScholarDigital Library
- Owusu, E., Han, J., Das, S., Perrig, A., and Zhang, J. Accessory: password inference using accelerometers on smartphones. In Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications (2012), ACM, p. 9. Google ScholarDigital Library
- Raguram, R., White, A. M., Goswami, D., Monrose, F., and Frahm, J.-M. ispy: automatic reconstruction of typed input from compromising reflections. In Proceedings of the 18th ACM conference on Computer and communications security (2011), ACM, pp. 527--536. Google ScholarDigital Library
- Roesner, F., Molnar, D., Moshchuk, A., Kohno, T., and Wang, H. J. World-driven access control for continuous sensing. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014), ACM, pp. 1169--1181. Google ScholarDigital Library
- Shukla, D., Kumar, R., Serwadda, A., and Phoha, V. V. Beware, your hands reveal your secrets! In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014), ACM, pp. 904--917. Google ScholarDigital Library
- Vuagnoux, M., and Pasini, S. Compromising electromagnetic emanations of wired and wireless keyboards. In USENIX Security Symposium (2009), pp. 1--16. Google ScholarDigital Library
- Xu, Y., Heinly, J., White, A. M., Monrose, F., and Frahm, J.-M. Seeing double: Reconstructing obscured typed input from repeated compromising reflections. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (2013), ACM, pp. 1063--1074. Google ScholarDigital Library
- Xu, Z., Bai, K., and Zhu, S. Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks (2012), ACM, pp. 113--124. Google ScholarDigital Library
- Yue, Q., Ling, Z., Fu, X., Liu, B., Ren, K., and Zhao, W. Blind recognition of touched keys on mobile devices. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014), ACM, pp. 1403--1414. Google ScholarDigital Library
- Zhu, T., Ma, Q., Zhang, S., and Liu, Y. Context-free attacks using keyboard acoustic emanations. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (2014), ACM. Google ScholarDigital Library
Index Terms
- When Good Becomes Evil: Keystroke Inference with Smartwatch
Recommendations
PressTact: Side Pressure-Based Input for Smartwatch Interaction
CHI EA '16: Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing SystemsSmartwatches have gained a lot of public interest as one of the most popular wearable devices in recent times, but their diminutive touch screens mar the user experiences. The small screen of watch suffers from visual occlusion and the fat finger ...
Exploring tilt for no-touch, wrist-only interactions on smartwatches
MobileHCI '16: Proceedings of the 18th International Conference on Human-Computer Interaction with Mobile Devices and ServicesBecause smartwatches are worn on the wrist, they do not require users to hold the device, leaving at least one hand free to engage in other activities. Unfortunately, this benefit is thwarted by the typical interaction model of smartwatches; for ...
Investigating the effectiveness of peephole interaction for smartwatches in a map navigation task
MobileHCI '14: Proceedings of the 16th international conference on Human-computer interaction with mobile devices & servicesWith the increasing availability of smartwatches the question of suited input modalities arises. While direct touch input comes at the cost of the fat-finger problem, we propose to use a dynamic peephole to explore larger content such as websites or ...
Comments