TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors

Today's smartphones are shipped with various embedded motion sensors, such as the accelerometer, gyroscope, and orientation sensors. These motion sensors are useful in supporting mobile UI innovation and motion-based commands. However, they also bring potential risks of leaking a user's private information, as they allow third-party applications to monitor the motion changes of smartphones. In this paper, we study the feasibility of inferring a user's tap inputs to a smartphone with its integrated motion sensors. Specifically, we utilize an installed trojan application to stealthily monitor the movement and gesture changes of a smartphone using its on-board motion sensors. When the user is interacting with the trojan application, it learns the motion change patterns of tap events. Later, when the user is performing sensitive inputs, such as entering passwords on the touchscreen, the trojan application applies the learnt pattern to infer the occurrence of tap events on the touchscreen as well as the tapped positions on the touchscreen. For demonstration, we present the design and implementation of TapLogger, a trojan application for the Android platform, which stealthily logs the screen-lock password and the numbers entered during a phone call (e.g., credit card and PIN numbers). Statistical results are presented to show the feasibility of such inferences and attacks.
