Stealing passwords by observing hands movement

Diksha Shukla, Vir Phoha

Research output: Contribution to journal › Article

1 Scopus citations

Abstract

The use of mobile phones in public places opens up the possibilities of remote side channel attacks on these devices. We present a video-based side channel attack to decipher passwords on mobile devices. Our method uses short video clips ranging from 5 to 10 s each, which can be taken unobtrusively from a distance and do not require the keyboard or the screen of the phone to be visible. By relating the spatiotemporal movements of the user's hand during typing and an anchor point on any visible part of the phone, we predict the typed password with high accuracy. The results on a dataset of 375 short videos of password entry process on a Samsung Galaxy S4 phone show an exponential reduction in the search space compared to a random guess. For each key-press corresponding to a character in the passwords, our method was able to reduce the search space to an average of 2-3 keys compared to 30 keys if one has to guess the key randomly. Thus, this paper reaffirms threats to smartphone users' conventional login in public places and highlights the threats in scenarios such as hiding the screen that otherwise gives the impression of being safe to the users.

Original language: English (US)
Article number: 8691569
Pages (from-to): 3086-3101
Number of pages: 16
Journal: IEEE Transactions on Information Forensics and Security
Volume: 14
Issue number: 12
State: Published - Dec 1 2019

Keywords

  • authentication
  • Biometrics
  • hand gestures
  • password
  • side channel attack
  • smartphone security

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
