Beware, your hands reveal your secrets !

Diksha Shukia, Rajesh Kumar, Vir V. Phoha, Abdul Serwadda

Research output: Chapter in Book/Report/Conference proceedingConference contribution

62 Scopus citations

Abstract

Research on attacks which exploit video-based side-channels to decode text typed on a smartphone has traditionally assumed that the adversary is able to leverage some information from the screen display (say, a reflection of the screen or a low resolution video of the content typed on the screen). This paper introduces a new breed of side-channel attack on the PIN entry process on a smartphone which entirely relies on the spatio-temporal dynamics of the hands during typing to decode the typed text. Implemented on a dataset of 200 videos of the PIN entry process on an HTC One phone, we show, that the attack breaks an average of over 50% of the PINs on the first attempt and an average of over 85% of the PINs in ten attempts. Because the attack can be conducted in such a way not to raise suspicion (i.e., since the adversary does not have to direct the camera at the screen), we believe that it is very likely to be adopted by adversaries who seek to stealthily steal sensitive private information. As users conduct more and more of their computing transactions on mobile devices in the open, the paper calls for the community to take a closer look at the risks posed by the now ubiquitous camera-enabled devices. Copyright is held by the owner/author(s).

Original languageEnglish (US)
Title of host publicationProceedings of the ACM Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Pages904-917
Number of pages14
ISBN (Print)9781450329576, 9781450329576, 9781450331470, 9781450331500, 9781450331517, 9781450331524, 9781450331531, 9781450331548, 9781450331555, 9781450332392
DOIs
StatePublished - Nov 3 2014
Event21st ACM Conference on Computer and Communications Security, CCS 2014 - Scottsdale, United States
Duration: Nov 3 2014Nov 7 2014

Other

Other21st ACM Conference on Computer and Communications Security, CCS 2014
CountryUnited States
CityScottsdale
Period11/3/1411/7/14

    Fingerprint

Keywords

  • Authentication
  • Image analysis
  • Mobile devices
  • Motion tracking
  • PIN lock
  • Side-channel attack

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Shukia, D., Kumar, R., Phoha, V. V., & Serwadda, A. (2014). Beware, your hands reveal your secrets ! In Proceedings of the ACM Conference on Computer and Communications Security (pp. 904-917). Association for Computing Machinery. https://doi.org/10.1145/2660267.2660360