Results 1 - 10
of
32
TouchLogger: Inferring keystrokes on touch screen from smartphone motion
- 67 Proceedings of the 6th USENIX Workshop on Hot Topics in Security (HotSec
, 2011
"... Attacks that use side channels, such as sound and electromagnetic emanation, to infer keystrokes on physical keyboards are ineffective on smartphones without physical keyboards. We describe a new side channel, motion, on touch screen smartphones with only soft keyboards. Since typing on different lo ..."
Abstract
-
Cited by 48 (2 self)
- Add to MetaCart
(Show Context)
Attacks that use side channels, such as sound and electromagnetic emanation, to infer keystrokes on physical keyboards are ineffective on smartphones without physical keyboards. We describe a new side channel, motion, on touch screen smartphones with only soft keyboards. Since typing on different locations on the screen causes different vibrations, motion data can be used to infer the keys being typed. To demonstrate this attack, we developed TouchLogger, an Android application that extracts features from device orientation data to infer keystrokes. TouchLogger correctly inferred more than 70 % of the keys typed on a number-only soft keyboard on a smartphone. We hope to raise the awareness of motion as a significant side channel that may leak confidential data. 1
Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors
- In Proceedings of the fifth ACM conference on Wireless network security
, 2012
"... Today’s smartphones are shipped with various embedded motion sensors, such as the accelerometer, gyroscope, and orientation sensors. These motion sensors are useful in supporting the mobile UI innovation and motion-based commands. However, they also bring potential risks of leaking user’s private in ..."
Abstract
-
Cited by 34 (2 self)
- Add to MetaCart
(Show Context)
Today’s smartphones are shipped with various embedded motion sensors, such as the accelerometer, gyroscope, and orientation sensors. These motion sensors are useful in supporting the mobile UI innovation and motion-based commands. However, they also bring potential risks of leaking user’s private information as they allow third party applications to monitor the motion changes of smartphones. In this paper, we study the feasibility of inferring a user’s tap inputs to a smartphone with its integrated motion sensors. Specifically, we utilize an installed trojan application to stealthily monitor the movement and gesture changes of asmartphoneusingitson-boardmotionsensors.Whenthe user is interacting with the trojan application, it learns the motion change patterns of tap events. Later, when the user is performing sensitive inputs, such as entering passwords on the touchscreen, the trojan application applies the learnt pattern to infer the occurrence of tap events on the touchscreen as well as the tapped positions on the touchscreen. For demonstration, we present the design and implementation of TapLogger, a trojan application for the Android platform, which stealthily logs the password of screen lock and the numbers entered during a phone call (e.g., credit card and PIN numbers). Statistical results are presented to show the feasibility of such inferences and attacks.
Defending Against Sensor-Sniffing Attacks on Mobile Phones
"... Modern mobile phones possess three types of capabilities: computing, communication, and sensing. While these capabilities enable a variety of novel applications, they also raise serious privacy concerns. We explore the vulnerability where attackers snoop on users by sniffing on their mobile phone se ..."
Abstract
-
Cited by 24 (2 self)
- Add to MetaCart
(Show Context)
Modern mobile phones possess three types of capabilities: computing, communication, and sensing. While these capabilities enable a variety of novel applications, they also raise serious privacy concerns. We explore the vulnerability where attackers snoop on users by sniffing on their mobile phone sensors, such as the microphone, camera, and GPS receiver. We show that current mobile phone platforms inadequately protect their users from this threat. To provide better privacy for mobile phone users, we analyze desirable uses of these sensors and discuss the properties of good privacy protection solutions. Then, we propose a general framework for such solutions and discuss various possible approaches to implement the framework’s components.
ACCessory: Password Inference using Accelerometers on Smartphones ∗
"... We show that accelerometer readings are a powerful side channel that can be used to extract entire sequences of entered text on a smartphone touchscreen keyboard. This possibility is a concern for two main reasons. First, unauthorized access to one’s keystrokes is a serious invasion of privacy as co ..."
Abstract
-
Cited by 22 (0 self)
- Add to MetaCart
(Show Context)
We show that accelerometer readings are a powerful side channel that can be used to extract entire sequences of entered text on a smartphone touchscreen keyboard. This possibility is a concern for two main reasons. First, unauthorized access to one’s keystrokes is a serious invasion of privacy as consumers increasingly use smartphones for sensitive transactions. Second, unlike many other sensors found on smartphones, the accelerometer does not require special privileges to access on current smartphone OSes. We show that accelerometer measurements can be used to extract 6-character passwords in as few as 4.5 trials (median).
PlaceRaider: Virtual theft in physical spaces with smartphones
- in Network and Distributed System Security Symposium
, 2013
"... Abstract—Each new generation of smartphone features in-creasingly powerful onboard sensor suites. A new strain of ‘sensory malware ’ has been developing that leverages these sensors to steal information from the physical environment — e.g., researchers have recently demonstrated how malware can ‘lis ..."
Abstract
-
Cited by 16 (3 self)
- Add to MetaCart
(Show Context)
Abstract—Each new generation of smartphone features in-creasingly powerful onboard sensor suites. A new strain of ‘sensory malware ’ has been developing that leverages these sensors to steal information from the physical environment — e.g., researchers have recently demonstrated how malware can ‘listen ’ for spoken credit card numbers through the micro-phone, or ‘feel ’ keystroke vibrations using the accelerometer. Yet the possibilities of what malware can ‘see ’ through a camera have been understudied. This paper introduces PlaceRaider, a novel ‘visual malware’ that allows remote attackers to engage in remote reconnais-sance and what we call “virtual theft. ” Through completely opportunistic use of the phone’s camera and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus ‘download’ the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial doc-uments, information on computer monitors, and personally identifiable information). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware. I.
On the Practicality of Motion Based Keystroke Inference Attack
"... Abstract. Recent researches have shown that motion sensors may be used as a side channel to infer keystrokes on the touchscreen of smartphones. However, the practicality of this attack is unclear. For example, does this attack work on different devices, screen dimensions, keyboard layouts, or keyboa ..."
Abstract
-
Cited by 15 (0 self)
- Add to MetaCart
(Show Context)
Abstract. Recent researches have shown that motion sensors may be used as a side channel to infer keystrokes on the touchscreen of smartphones. However, the practicality of this attack is unclear. For example, does this attack work on different devices, screen dimensions, keyboard layouts, or keyboard types? Does this attack depend on specific users or is it user independent? To answer these questions, we conducted a user study where 21 participants typed a total of 47,814 keystrokes on four different mobile devices in six settings. Our results show that this attack remains effective even though the accuracy is affected by user habits, device dimension, screen orientation, and keyboard layout. On a number-only keyboard, after the attacker tries 81 4-digit PINs, the probability that she has guessed the correct PIN is 65%, which improves the accuracy rate of random guessing by 81 times. Our study also indicates that inference based on the gyroscope is more accurate than that based on the accelerometer. We evaluated two classification techniques in our prototype and found that they are similarly effective. 1
Automated remote repair for mobile malware
- In Proceedings of the 27th Annual Computer Security Applications Conference
, 2011
"... ABSTRACT Mobile application markets currently serve as the main line of defense against malicious applications. While marketplace revocations have successfully removed the few overtly malicious applications installed on mobile devices, the anticipated coming flood of mobile malware mandates the nee ..."
Abstract
-
Cited by 13 (0 self)
- Add to MetaCart
(Show Context)
ABSTRACT Mobile application markets currently serve as the main line of defense against malicious applications. While marketplace revocations have successfully removed the few overtly malicious applications installed on mobile devices, the anticipated coming flood of mobile malware mandates the need for mechanisms that can respond faster than manual intervention. In this paper, we propose an infrastructure that automatically identifies and responds to malicious mobile applications based on their network behavior. We design and implement a prototype, Airmid, that uses cooperation between in-network sensors and smart devices to identify the provenance of malicious traffic. We then develop sample malicious mobile applications exceeding the capabilities of malware recently discovered in the wild, demonstrate the ease with which they can evade current detection techniques, and then use Airmid to show a range of automated recovery responses ranging from on-device firewalling to application removal.
Exploiting Smart-Phone USB Connectivity For Fun And Profit
"... The Universal Serial Bus (USB) connection has become the de-facto standard for both charging and data transfers for smart phone devices including Google’s Android and Apple’s iPhone. To further enhance their functionality, smart phones are equipped with programmable USB hardware and open source oper ..."
Abstract
-
Cited by 11 (3 self)
- Add to MetaCart
(Show Context)
The Universal Serial Bus (USB) connection has become the de-facto standard for both charging and data transfers for smart phone devices including Google’s Android and Apple’s iPhone. To further enhance their functionality, smart phones are equipped with programmable USB hardware and open source operating systems that empower them to alter the default behavior of the end-to-end USB communications. Unfortunately, these new capabilities coupled with the inherent trust that users place on the USB physical connectivity and the lack of any protection mechanisms render USB a insecure link, prone to exploitation. To demonstrate this new avenue of exploitation, we introduce novel attack strategies that exploit the functional capabilities of the USB physical link. In addition, we detail how a sophisticated adversary who has under his control one of the connected devices can subvert the other. This includes attacks where a compromised smart phone poses as a Human Interface Device (HID) and sends keystrokes in order to control the victim host. Moreover, we explain how to boot a smart phone device into USB host mode and take over another phone using a specially crafted cable. Finally, we point out the underlying reasons behind USB exploits and propose potential defense mechanisms that would limit or even prevent such USB borne attacks. 1.
Secure Cloud Computing with Brokered Trusted Sensor Networks
"... We propose a model for large-scale smartphone based sensor networks, with sensor information processed by clouds and grids, with a mediation layer for processing, filtering and other mashups done via a brokering network. Final aggregate results are assumed to be sent to users through traditional clo ..."
Abstract
-
Cited by 10 (1 self)
- Add to MetaCart
(Show Context)
We propose a model for large-scale smartphone based sensor networks, with sensor information processed by clouds and grids, with a mediation layer for processing, filtering and other mashups done via a brokering network. Final aggregate results are assumed to be sent to users through traditional cloud interfaces such as browsers. We conjecture that such a network configuration will have significant sensing applications, and perform some preliminary work in both defining the system, and considering threats to the system as a whole from different perspectives. We then discuss our current, initial approaches to solving three portions of the overall security architecture: i) Risk Analysis relating to the possession and environment of the smartphone sensors, ii) New malware threats and defenses installed on the sensor network proper, and iii) An analysis of covert channels being used to circumvent encryption in the user/cloud interface.
Screenmilker: How to milk your android screen for secrets
- In NDSS
, 2014
"... Abstract—With the rapid increase in Android device pop-ularity, the capabilities that the diverse user base demands from Android have significantly exceeded its original design. As a result, people have to seek ways to obtain the permissions not directly offered to ordinary users. A typical way to d ..."
Abstract
-
Cited by 8 (1 self)
- Add to MetaCart
(Show Context)
Abstract—With the rapid increase in Android device pop-ularity, the capabilities that the diverse user base demands from Android have significantly exceeded its original design. As a result, people have to seek ways to obtain the permissions not directly offered to ordinary users. A typical way to do that is using the Android Debug Bridge (ADB), a developer tool that has been granted permissions to use critical system resources. Apps adopting this solution have combined tens of millions of downloads on Google Play. However, we found that such ADB-level capabilities are not well guarded by Android. A prominent example we investigated is the apps that perform programmatic screenshots, a much-needed capability Android fails to support. We found that all such apps in the market inadvertently expose this ADB capability to any party with the INTERNET permission on the same device. With this exposure, a malicious app can be built to stealthily and intelligently collect sensitive user data through screenshots. To understand the threat, we built Screenmilker, an app that can detect the right moment to monitor the screen and pick up a user’s password when she is typing in real time. We show that this can be done efficiently by leveraging the unique design of smartphone user interfaces and its public resources. Such an understanding also informs Android developers how to protect this screenshot capability, should they consider providing an interface to let third-party developers use it in the future, and more generally the security risks of the ADB workaround, a standard technique gaining popularity in app development. Based on the understanding, we present a mitigation mechanism that controls the exposure of the ADB capabilities only to authorized apps. I.