Predicting Tap Locations on Touch Screens in the Field Using Accelerometer and Gyroscope Sensor Readings

Research has shown that the location of touch screen taps on modern smartphones and tablet computers can be identified based on sensor recordings from the device’s accelerometer and gyroscope. This security threat implies that an attacker could launch a background process on the mobile device and send the motion sensor readings to a third party vendor for further analysis. Even though the location inference is a non-trivial task requiring machine learning algorithms in order to predict the tap location, previous research was able to show that PINs and passwords of users could be successfully obtained. However, as the tap location inference was only shown for taps generated in a controlled setting not reflecting the environment users naturally engage with their smartphones, the attempts in this paper bridge this gap. We propose TapSensing, a data acquisition system designed to collect touch screen tap event information with corresponding accelerometer and gyroscope readings. Having performed a data acquisition study with 27 participants and 3 different iPhone models, a total of 25,000 labeled taps could be acquired from a laboratory and field environment enabling a direct comparison of both settings. The overall findings show that tap location inference is generally possible for data acquired in the field, hence, with a performance reduction of approximately 20% when comparing both environments. As the tap inference has therefore been shown for a more realistic data set, this work shows that smartphone motion sensors could potentially be used to comprise the user’s privacy in any surrounding user’s interact with the devices.

[1]  Gaël Varoquaux,et al.  Scikit-learn: Machine Learning in Python , 2011, J. Mach. Learn. Res..

[2]  Hao Chen,et al.  TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion , 2011, HotSec.

[3]  Patrick Traynor,et al.  (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers , 2011, CCS '11.

[4]  Bo Yu,et al.  Convolutional Neural Networks for human activity recognition using mobile sensors , 2014, 6th International Conference on Mobile Computing, Applications and Services.

[5]  Rafal Przesmycki,et al.  Measurement and Analysis of Compromising Emanation for Laser Printer , 2014 .

[6]  Daniela M. Witten,et al.  An Introduction to Statistical Learning: with Applications in R , 2013 .

[7]  Martin Welk,et al.  Tempest in a Teapot: Compromising Reflections Revisited , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[8]  Markus G. Kuhn,et al.  Electromagnetic Eavesdropping Risks of Flat-Panel Displays , 2004, Privacy Enhancing Technologies.

[9]  Jun Han,et al.  ACCessory: password inference using accelerometers on smartphones , 2012, HotMobile '12.

[10]  Trevor Hastie,et al.  An Introduction to Statistical Learning , 2013, Springer Texts in Statistics.

[11]  Manfred Pinkal,et al.  Acoustic Side-Channel Attacks on Printers , 2010, USENIX Security Symposium.

[12]  Romit Roy Choudhury,et al.  Tapprints: your finger taps have fingerprints , 2012, MobiSys '12.

[13]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[14]  Feng Zhou,et al.  Keyboard acoustic emanations revisited , 2009 .

[15]  K. Volpp,et al.  Accuracy of smartphone applications and wearable devices for tracking physical activity data. , 2015, JAMA.

[16]  Rakesh Agrawal,et al.  Keyboard acoustic emanations , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[17]  Claudio Feijóo,et al.  Mobile gaming: Industry challenges and policy implications , 2012 .

[18]  Martin Vuagnoux,et al.  Compromising Electromagnetic Emanations of Wired and Wireless Keyboards , 2009, USENIX Security Symposium.

[19]  Peter Smulders,et al.  The threat of information theft by reception of electromagnetic radiation from RS-232 cables , 1990, Comput. Secur..

[20]  Emiliano Miluzzo,et al.  A survey of mobile phone sensing , 2010, IEEE Communications Magazine.

[21]  Wim van Eck,et al.  Electromagnetic radiation from video display units: An eavesdropping risk? , 1985, Comput. Secur..

[22]  Michael Backes,et al.  2008 IEEE Symposium on Security and Privacy Compromising Reflections –or– How to Read LCD Monitors Around the Corner , 2022 .

[23]  Klaus Wehrle,et al.  FootPath: Accurate map-based indoor navigation using smartphones , 2011, 2011 International Conference on Indoor Positioning and Indoor Navigation.

[24]  Markus G. Kuhn,et al.  Optical time-domain eavesdropping risks of CRT displays , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.