Privacy Leakage in Mobile Sensing: Your Unlock Passwords Can Be Leaked through Wireless Hotspot Functionality

Mobile sensing has become a new style of applications and most of the smart devices are equipped with varieties of sensors or functionalities to enhance sensing capabilities. Current sensing systems concentrate on how to enhance sensing capabilities; however, the sensors or functionalities may lead to the leakage of users’ privacy. In this paper, we present WiPass, a way to leverage the wireless hotspot functionality on the smart devices to snoop the unlock passwords/patterns without the support of additional hardware. The attacker can “see” your unlock passwords/patterns even one meter away. WiPass leverages the impacts of finger motions on the wireless signals during the unlocking period to analyze the passwords/patterns. To practically implement WiPass, we are facing the difficult feature extraction and complex unlock passwords matching, making the analysis of the finger motions challenging. To conquer the challenges, we use DCASW to extract feature and hierarchical DTW to do unlock passwords matching. Besides, the combination of amplitude and phase information is used to accurately recognize the passwords/patterns. We implement a prototype of WiPass and evaluate its performance under various environments. The experimental results show that WiPass achieves the detection accuracy of 85.6% and 74.7% for passwords/patterns detection in LOS and in NLOS scenarios, respectively.

[1]  Jiang Hongkai,et al.  A sliding window feature extraction method for rotating machinery based on the lifting scheme , 2007 .

[2]  Lu Wang,et al.  Pilot: Passive Device-Free Indoor Localization Using Channel State Information , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems.

[3]  Zhen Ling,et al.  Blind Recognition of Touched Keys: Attack and Countermeasures , 2014, ArXiv.

[4]  Jue Wang,et al.  Dude, where's my card?: RFID positioning that works with multipath and non-line of sight , 2013, SIGCOMM.

[5]  Arash Habibi Lashkari,et al.  Shoulder Surfing attack in graphical password authentication , 2009, ArXiv.

[6]  Zhi Xu,et al.  TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors , 2012, WISEC '12.

[7]  Tien D. Bui,et al.  Translation-invariant denoising using multiwavelets , 1998, IEEE Trans. Signal Process..

[8]  Bo Chen,et al.  Tracking Keystrokes Using Wireless Signals , 2015, MobiSys.

[9]  Desney S. Tan,et al.  Humantenna: using the body as an antenna for real-time whole-body interaction , 2012, CHI.

[10]  Kaishun Wu,et al.  We Can Hear You with Wi-Fi! , 2014, IEEE Transactions on Mobile Computing.

[11]  Meinard Müller,et al.  Dynamic Time Warping , 2008 .

[12]  Hao Chen,et al.  TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion , 2011, HotSec.

[13]  Tal Garfinkel,et al.  Reducing shoulder-surfing by using gaze-based password entry , 2007, SOUPS '07.

[14]  Jun Han,et al.  ACCessory: password inference using accelerometers on smartphones , 2012, HotMobile '12.

[15]  Nikos Mastorakis,et al.  Implementation of SYMLET wavelets to removal of Gaussian additive noise from speech signal , 2011 .

[16]  Aris L. Moustakas,et al.  MIMO capacity through correlated channels in the presence of correlated interferers and noise: a (not so) large N analysis , 2003, IEEE Trans. Inf. Theory.

[17]  Stan Salvador,et al.  FastDTW: Toward Accurate Dynamic Time Warping in Linear Time and Space , 2004 .

[18]  Kang G. Shin,et al.  Invisible Sensing of Vehicle Steering with Smartphones , 2015, MobiSys.

[19]  Reena Singh,et al.  Comparison of Daubechies, Coiflet, and Symlet for edge detection , 1997, Defense, Security, and Sensing.

[20]  Wenyuan Xu,et al.  AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable , 2014, NDSS.

[21]  R. Manmatha,et al.  Word image matching using dynamic time warping , 2003, 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2003. Proceedings..

[22]  Shwetak N. Patel,et al.  Whole-home gesture recognition using wireless signals , 2013, MobiCom.

[23]  Robert D. Nowak,et al.  An EM algorithm for wavelet-based image restoration , 2003, IEEE Trans. Image Process..

[24]  Khaled A. Harras,et al.  WiGest demo: A ubiquitous WiFi-based gesture recognition system , 2015, 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[25]  Moustafa Youssef,et al.  Nuzzer: A Large-Scale Device-Free Passive Localization System for Wireless Environments , 2009, IEEE Transactions on Mobile Computing.

[26]  Fadel Adib,et al.  See through walls with WiFi! , 2013, SIGCOMM.

[27]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[28]  Rajesh Kumar,et al.  Beware, Your Hands Reveal Your Secrets! , 2014, CCS.

[29]  Wei Wang,et al.  Keystroke Recognition Using WiFi Signals , 2015, MobiCom.

[30]  Yang Zhang,et al.  Fingerprint attack against touch-enabled devices , 2012, SPSM '12.