Seeing double: reconstructing obscured typed input from repeated compromising reflections

Of late, threats enabled by the ubiquitous use of mobile devices have drawn much interest from the research community. However, prior threats all suffer from a similar, and profound, weakness - namely the requirement that the adversary is either within visual range of the victim (e.g., to ensure that the pop-out events in reflections in the victim's sunglasses can be discerned) or is close enough to the target to avoid the use of expensive telescopes. In this paper, we broaden the scope of the attacks by relaxing these requirements and show that breaches of privacy are possible even when the adversary is around a corner. The approach we take overcomes challenges posed by low image resolution by extending computer vision methods to operate on small, high-noise images. Moreover, our work is applicable to all types of keyboards because of a novel application of fingertip motion analysis for key-press detection. In doing so, we are also able to exploit reflections in the eyeball of the user or even repeated reflections (i.e., a reflection of a reflection of the mobile device in the eyeball of the user). Our empirical results show that we can perform these attacks with high accuracy, and can do so in scenarios that aptly demonstrate the realism of this threat.
