S3

With smart devices being an essential part of our everyday lives, unsupervised access to the mobile sensors’ data can result in a multitude of side-channel attacks. In this paper, we study potential data leaks from Apple Pencil (2nd generation) supported by the Apple iPad Pro, the latest stylus pen which attaches to the iPad body magnetically for charging. We observe that the Pencil’s body affects the magnetic readings sensed by the iPad’s magnetometer when a user is using the Pencil. Therefore, we ask: Can we infer what a user is writing on the iPad screen with the Apple Pencil, given access to only the iPad’s motion sensors’ data? To answer this question, we present Side-channel attack on Stylus pencil through Sensors (S3), a system that identifies what a user is writing from motion sensor readings. We first use the sharp fluctuations in the motion sensors’ data to determine when a user is writing on the iPad. We then introduce a high-dimensional particle filter to track the location and orientation of the Pencil during usage. Lastly, to guide particles, we build the Pencil’s magnetic map serving as a bridge between the measured magnetic data and the Pencil location and orientation. We evaluate S3 with 10 subjects and demonstrate that we correctly identify 93.9%, 96%, 97.9%, and 93.33% of the letters, numbers, shapes, and words by only having access to the motion sensors’ data.

[1]  Michael Unser,et al.  On Regularized Reconstruction of Vector Fields , 2011, IEEE Transactions on Image Processing.

[2]  Gianluca Stringhini,et al.  Fatal attraction: identifying mobile devices through electromagnetic emissions , 2019, WiSec.

[3]  Anindya Maiti,et al.  Smartwatch-Based Keystroke Inference Attacks and Context-Aware Protection Mechanisms , 2016, AsiaCCS.

[4]  James Clerk Maxwell,et al.  VIII. A dynamical theory of the electromagnetic field , 1865, Philosophical Transactions of the Royal Society of London.

[5]  Gaetano Borriello,et al.  Particle Filters for Location Estimation in Ubiquitous Computing: A Case Study , 2004, UbiComp.

[6]  Boyuan Yang,et al.  MagHacker: eavesdropping on stylus pen writing via magnetic sensing from commodity mobile devices , 2020, MobiSys.

[7]  Tolga Arul,et al.  MagneticSpy: Exploiting Magnetometer in Mobile Devices for Website and Application Fingerprinting , 2019, WPES@CCS.

[8]  J. Maxwell VIII. A dynamical theory of the electromagnetic field , 1865, Philosophical Transactions of the Royal Society of London.

[9]  James Diebel,et al.  Representing Attitude : Euler Angles , Unit Quaternions , and Rotation Vectors , 2006 .

[10]  Nikita Borisov,et al.  Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses , 2016, NDSS.

[11]  Feng Hao,et al.  TouchSignatures: Identification of user touch actions and PINs based on mobile sensor data via JavaScript , 2016, J. Inf. Secur. Appl..

[12]  Yuan Feng,et al.  MotionHacker: Motion sensor based eavesdropping on handwriting via smartwatch , 2018, IEEE INFOCOM 2018 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[13]  Guevara Noubir,et al.  My Magnetometer Is Telling You Where I've Been?: A Mobile Device Permissionless Location Attack , 2018, WISEC.

[14]  Cong Wang,et al.  DeepMag: Sniffing Mobile Apps in Magnetic Field through Deep Convolutional Neural Networks , 2018, 2018 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[15]  Tai L. Chow,et al.  Introduction To Electromagnetic Theory: A Modern Perspective , 2005 .

[16]  Michael Unser,et al.  A dual algorithm for L1-regularized reconstruction of vector fields , 2012, 2012 9th IEEE International Symposium on Biomedical Imaging (ISBI).

[17]  Huaiyu Zhu On Information and Sufficiency , 1997 .

[18]  Dieter Fox,et al.  KLD-Sampling: Adaptive Particle Filters , 2001, NIPS.

[19]  Shwetak N. Patel,et al.  Finexus: Tracking Precise Motions of Multiple Fingertips Using Magnetic Sensing , 2016, CHI.

[20]  Hao Jiang,et al.  Motion Eavesdropper: Smartwatch-based Handwriting Recognition Using Deep Learning , 2019, ICMI.

[21]  Sang Ho Yoon,et al.  TMotion: Embedded 3D Mobile Input using Magnetic Sensing Technique , 2015, UIST.

[22]  Kui Ren,et al.  Learning-based Practical Smartphone Eavesdropping with Built-in Accelerometer , 2020, NDSS.

[23]  Sebastian Ruder,et al.  Universal Language Model Fine-tuning for Text Classification , 2018, ACL.

[24]  Zhengyou Zhang,et al.  A Flexible New Technique for Camera Calibration , 2000, IEEE Trans. Pattern Anal. Mach. Intell..

[25]  D. J. Epstein,et al.  Magnetic shielding , 1965 .

[26]  Paul Zarchan,et al.  Fundamentals of Kalman Filtering: A Practical Approach , 2001 .

[27]  Gabi Nakibly,et al.  Gyrophone: Recognizing Speech from Gyroscope Signals , 2014, USENIX Security Symposium.

[28]  He Wang,et al.  MoLe: Motion Leaks through Smartwatch Sensors , 2015, MobiCom.

[29]  竹内 一郎,et al.  Leave-One-Out Cross-Validation , 2014, Encyclopedia of Machine Learning and Data Mining.

[30]  Xiao Xin Lu,et al.  A Review of Solutions for Perspective-n-Point Problem in Camera Pose Estimation , 2018, Journal of Physics: Conference Series.

[31]  R. Mukundan Quaternions : From Classical Mechanics to Computer Graphics , and Beyond , 2002 .

[32]  Stefan Katzenbeisser,et al.  Hard Drive Side-Channel Attacks Using Smartphone Magnetic Field Sensors , 2015, Financial Cryptography.

[33]  Jun Han,et al.  ACCessory: password inference using accelerometers on smartphones , 2012, HotMobile '12.

[34]  Radford M. Neal Pattern Recognition and Machine Learning , 2007, Technometrics.