VR-Spy: A Side-Channel Attack on Virtual Key-Logging in VR Headsets

In Virtual Reality (VR), users typically interact with the virtual world through a virtual keyboard to enter keywords, surf web pages, or type passwords to access online accounts. Hence, it becomes imperative to understand the security of virtual keystrokes. In this paper, we present VR-Spy, a virtual keystroke recognition method that uses the channel state information (CSI) of WiFi signals. To the best of our knowledge, this is the first work that uses WiFi signals to recognize virtual keystrokes in VR headsets. The key idea behind VR-Spy is that the side-channel information of the fine-grained hand movements associated with each virtual keystroke has a unique gesture pattern in the CSI waveforms. Our novel pattern extraction algorithm leverages signal processing techniques to extract the patterns from the variations of CSI. We implement VR-Spy using two Commercial Off-The-Shelf (COTS) devices: a transmitter (WAVLINK router) and a receiver (Intel NUC with an IWL 5300 NIC). Finally, VR-Spy achieves a virtual keystroke recognition accuracy of 69.75% in comparison to techniques that assume very advanced adversary models with vision and motion sensors near the victim.
