DOI: 10.1145/2897845.2897905
Research article

Smartwatch-Based Keystroke Inference Attacks and Context-Aware Protection Mechanisms

Published: 30 May 2016

Abstract

Wearable devices, such as smartwatches, are furnished with state-of-the-art sensors that enable a range of context-aware applications. However, malicious applications can misuse these sensors if access is left unaudited. In this paper, we demonstrate how applications that have access to motion or inertial sensor data on a modern smartwatch can recover text typed on an external QWERTY keyboard. Due to the distinct nature of the perceptible motion sensor data, earlier research efforts on emanation-based keystroke inference attacks are not readily applicable in this scenario. The proposed novel attack framework characterizes wrist movements (captured by the inertial sensors of the smartwatch worn on the wrist) observed during typing, based on the relative physical position of keys and the direction of transition between pairs of keys. Eavesdropped keystroke characteristics are then matched to candidate words in a dictionary. Multiple evaluations show that our keystroke inference framework has an alarmingly high classification accuracy and word recovery rate. With the information recovered from the wrist movements perceptible by a smartwatch, we exemplify the risks associated with unaudited access to seemingly innocuous sensors (e.g., accelerometers and gyroscopes) of wearable devices. As part of our efforts towards preventing such side-channel attacks, we also develop and evaluate a novel context-aware protection framework which can be used to automatically disable (or downgrade) access to motion sensors whenever typing activity is detected.



Published In

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
May 2016
958 pages
ISBN: 9781450342339
DOI: 10.1145/2897845

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. keystroke
  2. privacy
  3. sensor
  4. smartwatch
  5. wearable

Qualifiers

  • Research-article

Funding Sources

  • National Science Foundation
  • Air Force Research Lab

Conference

ASIA CCS '16

Acceptance Rates

ASIA CCS '16 Paper Acceptance Rate 73 of 350 submissions, 21%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%


Cited By

  • (2025) Echoes of Fingertip: Unveiling POS Terminal Passwords Through Wi-Fi Beamforming Feedback. IEEE Transactions on Mobile Computing 24:2 (662-676). DOI: 10.1109/TMC.2024.3465564. Online publication date: Feb-2025
  • (2025) A New Pipeline for Snooping Keystroke Based on Deep Learning Algorithm. IEEE Access 13 (24498-24514). DOI: 10.1109/ACCESS.2025.3536877. Online publication date: 2025
  • (2024) Remote keylogging attacks in multi-user VR applications. Proceedings of the 33rd USENIX Conference on Security Symposium (2743-2760). DOI: 10.5555/3698900.3699054. Online publication date: 14-Aug-2024
  • (2024) Wearable Activity Trackers: A Survey on Utility, Privacy, and Security. ACM Computing Surveys 56:7 (1-40). DOI: 10.1145/3645091. Online publication date: 8-Feb-2024
  • (2024) Acoustic Side Channel Attack for Keystroke Splitting in the Wild. 2024 IEEE International Conference on Metrology for eXtended Reality, Artificial Intelligence and Neural Engineering (MetroXRAINE) (131-136). DOI: 10.1109/MetroXRAINE62247.2024.10796234. Online publication date: 21-Oct-2024
  • (2024) Silent Thief: Password Eavesdropping Leveraging Wi-Fi Beamforming Feedback from POS Terminal. IEEE INFOCOM 2024 - IEEE Conference on Computer Communications (321-330). DOI: 10.1109/INFOCOM52122.2024.10621321. Online publication date: 20-May-2024
  • (2024) A New Deep Learning Pipeline for Acoustic Attack on Keyboards. Intelligent Systems and Applications (402-414). DOI: 10.1007/978-3-031-66329-1_26. Online publication date: 31-Jul-2024
  • (2024) Overview of Usable Privacy Research: Major Themes and Research Directions. The Curious Case of Usable Privacy (43-102). DOI: 10.1007/978-3-031-54158-2_3. Online publication date: 20-Mar-2024
  • (2023) Watch your watch. Proceedings of the 32nd USENIX Conference on Security Symposium (193-210). DOI: 10.5555/3620237.3620249. Online publication date: 9-Aug-2023
  • (2023) Going through the motions. Proceedings of the 32nd USENIX Conference on Security Symposium (159-174). DOI: 10.5555/3620237.3620247. Online publication date: 9-Aug-2023
