23 research outputs found
Towards Inferring Mechanical Lock Combinations using Wrist-Wearables as a Side-Channel
Wrist-wearables such as smartwatches and fitness bands are equipped with a
variety of high-precision sensors that support novel contextual and
activity-based applications. The presence of a diverse set of on-board sensors,
however, also expose an additional attack surface which, if not adequately
protected, could be potentially exploited to leak private user information. In
this paper, we investigate the feasibility of a new attack that takes advantage
of a wrist-wearable's motion sensors to infer input on mechanical devices
typically used to secure physical access, for example, combination locks. We
outline an inference framework that attempts to infer a lock's unlock
combination from the wrist motion captured by a smartwatch's gyroscope sensor,
and uses a probabilistic model to produce a ranked list of likely unlock
combinations. We conduct a thorough empirical evaluation of the proposed
framework by employing unlocking-related motion data collected from human
subject participants in a variety of controlled and realistic settings.
Evaluation results from these experiments demonstrate that motion data from
wrist-wearables can be effectively employed as a side-channel to significantly
reduce the unlock combination search-space of commonly found combination locks,
thus compromising the physical security provided by these locks
Snoopy: Sniffing Your Smartwatch Passwords via Deep Sequence Learning
Demand for smartwatches has taken off in recent years with new models which can run independently from smartphones and provide more useful features, becoming first-class mobile platforms. One can access online banking or even make payments on a smartwatch without a paired phone. This makes smartwatches more attractive and vulnerable to malicious attacks, which to date have been largely overlooked. In this paper, we demonstrate Snoopy, a password extraction and inference system which is able to accurately infer passwords entered on Android/Apple watches within 20 attempts, just by eavesdropping on motion sensors. Snoopy uses a uniform framework to extract the segments of motion data when passwords are entered, and uses novel deep neural networks to infer the actual passwords. We evaluate the proposed Snoopy system in the real-world with data from 362 participants and show that our system offers a ~ 3-fold improvement in the accuracy of inferring passwords compared to the state-of-the-art, without consuming excessive energy or computational resources. We also show that Snoopy is very resilient to user and device heterogeneity: it can be trained on crowd-sourced motion data (e.g. via Amazon Mechanical Turk), and then used to attack passwords from a new user, even if they are wearing a different model. This paper shows that, in the wrong hands, Snoopy can potentially cause serious leaks of sensitive information. By raising awareness, we invite the community and manufacturers to revisit the risks of continuous motion sensing on smart wearable devices
WristSpy: Snooping Passcodes in Mobile Payment Using Wrist-worn Wearables
Mobile payment has drawn considerable attention due to its convenience of paying via personal mobile devices at anytime and anywhere, and passcodes (i.e., PINs or patterns) are the first choice of most consumers to authorize the payment. This paper demonstrates a serious security breach and aims to raise the awareness of the public that the passcodes for authorizing transactions in mobile payments can be leaked by exploiting the embedded sensors in wearable devices (e.g., smartwatches). We present a passcode inference system, WristSpy, which examines to what extent the user's PIN/pattern during the mobile payment could be revealed from a single wrist-worn wearable device under different passcode input scenarios involving either two hands or a single hand. In particular, WristSpy has the capability to accurately reconstruct fine-grained hand movement trajectories and infer PINs/patterns when mobile and wearable devices are on two hands through building a Euclidean distance-based model and developing a training-free parallel PIN/pattern inference algorithm. When both devices are on the same single hand, a highly challenging case, WristSpy extracts multi-dimensional features by capturing the dynamics of minute hand vibrations and performs machine-learning based classification to identify PIN entries. Extensive experiments with 15 volunteers and 1600 passcode inputs demonstrate that an adversary is able to recover a user's PIN/pattern with up to 92% success rate within 5 tries under various input scenarios
My(o) Armband Leaks Passwords: An EMG and IMU Based Keylogging Side-Channel Attack
Wearables that constantly collect various sensor data of their users increase the chances for inferences of unintentional and sensitive information such as passwords typed on a physical keyboard. We take a thorough look at the potential of using electromyographic (EMG) data, a sensor modality which is new to the market but has lately gained attention in the context of wearables for augmented reality (AR), for a keylogging side-channel attack. Our approach is based on neural networks for a between-subject attack in a realistic scenario using the Myo Armband to collect the sensor data. In our approach, the EMG data has proven to be the most prominent source of information compared to the accelerometer and gyroscope, increasing the keystroke detection performance. For our end-to-end approach on raw data, we report a mean balanced accuracy of about 76 % for the keystroke detection and a mean top-3 key accuracy of about 32 % on 52 classes for the key identification on passwords of varying strengths. We have created an extensive dataset including more than 310 000 keystrokes recorded from 37 volunteers, which is available as open access along with the source code used to create the given results
PILOT: Password and PIN Information Leakage from Obfuscated Typing Videos
This paper studies leakage of user passwords and PINs based on observations
of typing feedback on screens or from projectors in the form of masked
characters that indicate keystrokes. To this end, we developed an attack called
Password and Pin Information Leakage from Obfuscated Typing Videos (PILOT). Our
attack extracts inter-keystroke timing information from videos of password
masking characters displayed when users type their password on a computer, or
their PIN at an ATM. We conducted several experiments in various attack
scenarios. Results indicate that, while in some cases leakage is minor, it is
quite substantial in others. By leveraging inter-keystroke timings, PILOT
recovers 8-character alphanumeric passwords in as little as 19 attempts. When
guessing PINs, PILOT significantly improved on both random guessing and the
attack strategy adopted in our prior work [4]. In particular, we were able to
guess about 3% of the PINs within 10 attempts. This corresponds to a 26-fold
improvement compared to random guessing. Our results strongly indicate that
secure password masking GUIs must consider the information leakage identified
in this paper
Behavioral Model For Live Detection of Apps Based Attack
Smartphones with the platforms of applications are gaining extensive
attention and popularity. The enormous use of different applications has paved
the way to numerous security threats. The threats are in the form of attacks
such as permission control attacks, phishing attacks, spyware attacks, botnets,
malware attacks, privacy leakage attacks. Moreover, other vulnerabilities
include invalid authorization of apps, compromise on the confidentiality of
data, invalid access control. In this paper, an application-based attack
modeling and attack detection is proposed. Due to A novel attack vulnerability
is identified based on the app execution on the smartphone. The attack modeling
involves an end-user vulnerable application to initiate an attack. The
vulnerable application is installed at the background end on the smartphone
with hidden visibility from the end-user. Thereby, accessing the confidential
information. The detection model involves the proposed technique of an
Application-based Behavioral Model Analysis (ABMA) scheme to address the attack
model. The model incorporates application-based comparative parameter analysis
to perform the process of intrusion detection. The ABMA is estimated by using
the parameters of power, battery level, and the data usage. Based on the source
internet accessibility, the analysis is performed using three different
configurations as, WiFi, mobile data, and the combination of the two. The
simulation results verify and demonstrates the effectiveness of the proposed
model
Inferring smartphone keypress via smartwatch inertial sensing
Ministry of Education, Singapore under its Academic Research Funding Tier