Abstract:
In this paper, we introduce a computer vision-based attack using stereo cameras against authentication approaches for touch-enabled devices. In the attack, an attacker us...Show MoreMetadata
Abstract:
In this paper, we introduce a computer vision-based attack using stereo cameras against authentication approaches for touch-enabled devices. In the attack, an attacker uses a stereo camera (such as one on the HTC Evo 3D smartphone) and takes a video of a victim entering passwords on the touch screen of the victim's mobile device. We focus on challenging scenarios where the victim holds the device up and the attacker cannot see the victim's fingertip or the device screen. Since the stereo camera provides depth and distance information of objects in video frames, we can build a 3D scene to analyze the victim's hand movement and automatically recover the victim's passcode. The 3D vision attack is stealthy in daily settings like a classroom or a coffee shop since the attacker does not need to take a suspicious angle and see the touch screen of the victim. Without loss of generality, we use graphical passwords as an example and perform extensive experiments to demonstrate the effectiveness of the attack. The success rate of the 3D vision attack reaches 90% when the camera is across a table from a victim in a typical gathering scene.
Date of Conference: 21-25 May 2017
Date Added to IEEE Xplore: 31 July 2017
ISBN Information:
Electronic ISSN: 1938-1883