The Confused Deputy: (or why capabilities might have been invented)
ACM SIGOPS Operating Systems Review
SenSay: A Context-Aware Mobile Phone
ISWC '03 Proceedings of the 7th IEEE International Symposium on Wearable Computers
Enhancing Security and Privacy in Traffic-Monitoring Systems
IEEE Pervasive Computing
Designing Gestural Interfaces: Touchscreens and Interactive Devices
Designing Gestural Interfaces: Touchscreens and Interactive Devices
Stealthy video capturer: a new video-based spyware in 3G smartphones
Proceedings of the second ACM conference on Wireless network security
On the Anonymity of Home/Work Location Pairs
Pervasive '09 Proceedings of the 7th International Conference on Pervasive Computing
Defending against sensor-sniffing attacks on mobile phones
Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds
Using mobile phones to determine transportation modes
ACM Transactions on Sensor Networks (TOSN)
Inference attacks on location tracks
PERVASIVE'07 Proceedings of the 5th international conference on Pervasive computing
PRISM: platform for remote sensing using smartphones
Proceedings of the 8th international conference on Mobile systems, applications, and services
Professional Android 2 Application Development
Professional Android 2 Application Development
A survey of mobile phone sensing
IEEE Communications Magazine
Cooperative transit tracking using smart-phones
Proceedings of the 8th ACM Conference on Embedded Networked Sensor Systems
Smudge attacks on smartphone touch screens
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
LIBSVM: A library for support vector machines
ACM Transactions on Intelligent Systems and Technology (TIST)
Improving wireless network performance using sensor hints
Proceedings of the 8th USENIX conference on Networked systems design and implementation
Taming information-stealing smartphone applications (on Android)
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
TouchLogger: inferring keystrokes on touch screen from smartphone motion
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
Permission re-delegation: attacks and defenses
SEC'11 Proceedings of the 20th USENIX conference on Security
Quire: lightweight provenance for smart phone operating systems
SEC'11 Proceedings of the 20th USENIX conference on Security
iSpy: automatic reconstruction of typed input from compromising reflections
Proceedings of the 18th ACM conference on Computer and communications security
(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers
Proceedings of the 18th ACM conference on Computer and communications security
Poster: fast, automatic iPhone shoulder surfing
Proceedings of the 18th ACM conference on Computer and communications security
ACCessory: password inference using accelerometers on smartphones
Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications
Fingerprint attack against touch-enabled devices
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Practicality of accelerometer side channels on smartphones
Proceedings of the 28th Annual Computer Security Applications Conference
SilentSense: silent user identification via touch and movement behavioral biometrics
Proceedings of the 19th annual international conference on Mobile computing & networking
Towards providing security for mobile games
Proceedings of the eighth ACM international workshop on Mobility in the evolving internet architecture
PIN skimmer: inferring PINs through the camera and microphone
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
SEC'13 Proceedings of the 22nd USENIX conference on Security
| Hi-index | 0.00 |
Today's smartphones are shipped with various embedded motion sensors, such as the accelerometer, gyroscope, and orientation sensors. These motion sensors are useful in supporting the mobile UI innovation and motion-based commands. However, they also bring potential risks of leaking user's private information as they allow third party applications to monitor the motion changes of smartphones. In this paper, we study the feasibility of inferring a user's tap inputs to a smartphone with its integrated motion sensors. Specifically, we utilize an installed trojan application to stealthily monitor the movement and gesture changes of a smartphone using its on-board motion sensors. When the user is interacting with the trojan application, it learns the motion change patterns of tap events. Later, when the user is performing sensitive inputs, such as entering passwords on the touchscreen, the trojan application applies the learnt pattern to infer the occurrence of tap events on the touchscreen as well as the tapped positions on the touchscreen. For demonstration, we present the design and implementation of TapLogger, a trojan application for the Android platform, which stealthily logs the password of screen lock and the numbers entered during a phone call (e.g., credit card and PIN numbers). Statistical results are presented to show the feasibility of such inferences and attacks.