There Goes Your PIN: Exploiting Smartphone Sensor Fusion Under Single and Cross User Setting

A range of zero-permission sensors is found in modern smartphones to enhance the user experience. These sensors can lead to unintentional leakage of private user data. In this paper, we combine the leakage from a pool of zero-permission sensors to reconstruct a user's secret PIN used for unlocking the phone or for personal finances. By harnessing machine learning algorithms, we show a practical attack on the full four-digit PIN space. Our classifier covers all 10,000 PIN combinations, and the results show up to 83.7% success within 20 tries in a single-user setting. The latest previous work demonstrated 74% success on a reduced space of 50 chosen PINs, whereas we report 99.5% success with a single try in a similar setting. Moreover, we extend the PIN recovery attack from a single-user to a cross-user scenario. Firstly, we show that by training on several users, the PIN recovery success can be boosted when the target user is part of the training pool. On the other hand, PIN recovery is still possible when the training pool is mutually exclusive to the target user, albeit with a low success rate.
