ABSTRACT
Many modern wrist-wearables, such as smartwatches and fitness trackers, are equipped with ambient light sensors that are able to capture the surrounding light levels. While an ambient light sensor is intended to make applications environment-aware, malicious applications can potentially misuse it to infer private information pertaining to the wearer. Moreover, such an attack vector is hard to mitigate because the ambient light sensor is a part of the zero-permission sensor suite on most wearable platforms, i.e., any on-device application can access these sensors without requiring explicit user-level permissions. In this paper, we study the feasibility of a malicious smartwatch application leveraging ambient light sensor data to infer sensitive information about the wearer, specifically keystrokes typed by the wearer on an ATM keypad. While there are multiple previous works that target motion sensor data on wrist-wearables to infer keystrokes, we study the feasibility of conducting a similar attack using an ambient light sensor. The characteristic differences between motion and light data, and how they are impacted during the keystroke activity, imply that existing inference frameworks that rely on motion data cannot be directly employed in this case. As a result, we design a new ambient-light-based keystroke inference framework which models the varying intensities of light on and around an ATM keypad to infer keystrokes. Our evaluation results indicate that an inference attack on keystrokes is moderately feasible, even with a coarse-grained ambient light sensor found on many low-cost wrist-wearables.