When kids' toys breach mobile phone security

Abdul Serwadda, Vir V. Phoha

Research output: Chapter in Book/Entry/PoemConference contribution

71 Scopus citations


Touch-based verification - the use of touch gestures (e.g., swiping, zooming, etc.) to authenticate users of touch screen devices - has recently been widely evaluated for its potential to serve as a second layer of defense to the PIN lock mechanism. In all performance evaluations of touch-based authentication systems however, researchers have assumed naive (zero-effort) forgeries in which the attacker makes no effort to mimic a given gesture pattern. In this paper we demonstrate that a simple "Lego" robot driven by input gleaned from general population swiping statistics can generate forgeries that achieve alarmingly high penetration rates against touch-based authentication systems. Using the best classification algorithms in touch-based authentication, we rigorously explore the effect of the attack, finding that it increases the Equal Error Rates of the classifiers by between 339% and 1004% depending on parameters such as the failure-to-enroll threshold and the type of touch stroke generated by the robot. The paper calls into question the zero-effort impostor testing approach used to benchmark the performance of touch-based authentication systems.

Original languageEnglish (US)
Title of host publicationCCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security
Number of pages12
StatePublished - 2013
Externally publishedYes
Event2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013 - Berlin, Germany
Duration: Nov 4 2013Nov 8 2013

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221


Other2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013


  • attack
  • authentication
  • biometrics
  • robot
  • touch gestures

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications


Dive into the research topics of 'When kids' toys breach mobile phone security'. Together they form a unique fingerprint.

Cite this