Your PIN Sounds Good! On The Feasibility of PIN Inference Through Audio Leakage

Personal Identification Numbers (PINs) are widely used as an authentication method for systems such as Automated Teller Machines (ATMs) and Point of Sale (PoS). Input devices (PIN pads) usually give the user a feedback sound when a key is pressed. In this paper, we propose an attack based on the extraction of inter-keystroke timing from the feedback sound when users type their PINs. Our attack is able to reach an accuracy of 98% with a mean error of 0.13 ± 6.66 milliseconds. We demonstrate that inter-keystroke timing significantly improves the guessing probability of certain subsets of PINs. We believe this represents a security problem that has to be taken into account for secure PIN generation. Furthermore, we identified several attack scenarios where the adversary can exploit inter-keystroke timing together with additional information about the user or the PIN, such as typing behavior. Our results show that combining the inter-keystroke timing with other information drastically reduces the number of attempts needed to guess a PIN, outperforming random guessing. With our attack, we are able to guess 72% of the 4-digit PINs within 3 attempts. We believe this poses a serious security problem for systems that use PIN-based authentication.
