Side-channel attacks on mobile and wearable systems

This paper describes a variety of side-channel attacks on mobile and wearable computing systems, exposing vulnerabilities in their system and software architectures. Specifically addressed are malware approaches that passively leverage sensors on-board the systems to monitor user information for sensitive information retrieval. Some potential countermeasures at the system and user interface level are provided.

[1]  Tal Garfinkel,et al.  Reducing shoulder-surfing by using gaze-based password entry , 2007, SOUPS '07.

[2]  Lama Nachman,et al.  Unobtrusive gait verification for mobile phones , 2014, SEMWEB.

[3]  Romit Roy Choudhury,et al.  Using mobile phones to write in air , 2011, MobiSys '11.

[4]  Romit Roy Choudhury,et al.  Tapprints: your finger taps have fingerprints , 2012, MobiSys '12.

[5]  Igor Bilogrevic,et al.  (Smart)watch your taps: side-channel keystroke inference attacks using smartwatches , 2015, SEMWEB.

[6]  13th IEEE Annual Consumer Communications & Networking Conference, CCNC 2016, Las Vegas, NV, USA, January 9-12, 2016 , 2016, CCNC.

[7]  René Mayrhofer,et al.  Orientation Independent Cell Phone Based Gait Authentication , 2014, MoMM.

[8]  Zhi Xu,et al.  TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors , 2012, WISEC '12.

[9]  Adam J. Aviv,et al.  Practicality of accelerometer side channels on smartphones , 2012, ACSAC '12.

[10]  Adam W. Hoover,et al.  A New Method for Measuring Meal Intake in Humans via Automated Wrist Motion Tracking , 2012, Applied Psychophysiology and Biofeedback.

[11]  Ryan J. Halter,et al.  Who Wears Me? Bioimpedance as a Passive Biometric , 2012, HealthSec.

[12]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[13]  Sangki Yun,et al.  Turning a Mobile Device into a Mouse in the Air , 2015, MobiSys.

[14]  Ani Nahapetian,et al.  AirDraw: Leveraging smart watch motion sensors for mobile human computer interactions , 2016, 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC).

[15]  Hao Chen,et al.  On the Practicality of Motion Based Keystroke Inference Attack , 2012, TRUST.

[16]  Manfred Pinkal,et al.  Acoustic Side-Channel Attacks on Printers , 2010, USENIX Security Symposium.

[17]  He Wang,et al.  MoLe: Motion Leaks through Smartwatch Sensors , 2015, MobiCom.

[18]  Gabi Nakibly,et al.  Gyrophone: Recognizing Speech from Gyroscope Signals , 2014, USENIX Security Symposium.

[19]  Hao Chen,et al.  TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion , 2011, HotSec.

[20]  Jun Han,et al.  ACCessory: password inference using accelerometers on smartphones , 2012, HotMobile '12.

[21]  Evangelos Kalogerakis,et al.  RisQ: recognizing smoking gestures with inertial sensors on a wristband , 2014, MobiSys.

[22]  Hao Chen,et al.  Defending against sensor-sniffing attacks on mobile phones , 2009, MobiHeld '09.

[23]  Patrick Traynor,et al.  (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers , 2011, CCS '11.

[24]  Petia Radeva,et al.  Personalization and user verification in wearable systems using biometric walking patterns , 2011, Personal and Ubiquitous Computing.

[25]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[26]  Michael Backes,et al.  2008 IEEE Symposium on Security and Privacy Compromising Reflections –or– How to Read LCD Monitors Around the Corner , 2022 .

[27]  Ani Nahapetian,et al.  WristSnoop: Smartphone PINs prediction using smartwatch motion sensors , 2015, 2015 IEEE International Workshop on Information Forensics and Security (WIFS).

[28]  Mauro Conti,et al.  I Sensed It Was You: Authenticating Mobile Users with Sensor-Enhanced Keystroke Dynamics , 2014, DIMVA.