Seeing double: reconstructing obscured typed input from repeated compromising reflections

Authors:
Yi Xu;Jared Heinly;Andrew M. White;Fabian Monrose;Jan-Michael Frahm
Affiliations:
UNC Chapel Hill, Chapel Hill, N. Carolina, USA;UNC Chapel Hill, Chapel Hill, N. Carolina, USA;UNC Chapel Hill, Chapel Hill, N. Carolina, USA;UNC Chapel Hill, Chapel Hill, N. Carolina, USA;UNC Chapel Hill, Chapel Hill, N. Carolina, USA
Venue:
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Year:
2013

Citing 29
Cited 0

Electromagnetic radiation revisited

Computers and Security
Electromagnetic radiation from video display units: an eavesdropping risk?

Computers and Security
Random sample consensus: a paradigm for model fitting with applications to image analysis and automated cartography

Communications of the ACM
Use of the Hough transformation to detect lines and curves in pictures

Communications of the ACM
Real-Time Fingertip Tracking and Gesture Recognition

IEEE Computer Graphics and Applications
Contribution to the Determination of Vanishing Points Using Hough Transform

IEEE Transactions on Pattern Analysis and Machine Intelligence
Wearable virtual tablet: fingertip drawing on a portable plane-object using an active-infrared camera

Proceedings of the 9th international conference on Intelligent user interfaces
Lucas-Kanade 20 Years On: A Unifying Framework

International Journal of Computer Vision
Keyboard acoustic emanations revisited

Proceedings of the 12th ACM conference on Computer and communications security
Spy-resistant keyboard: more secure password entry on public touch screen displays

OZCHI '05 Proceedings of the 17th Australia conference on Computer-Human Interaction: Citizens Online: Considerations for Today and the Future
Image Sensors and Signal Processing for Digital Still Cameras

Image Sensors and Signal Processing for Digital Still Cameras
Reducing shoulder-surfing by using gaze-based password entry

Proceedings of the 3rd symposium on Usable privacy and security
Image alignment and stitching: a tutorial

Foundations and Trends® in Computer Graphics and Vision
Vision-Based Detection of Guitar Players' Fingertips Without Markers

CGIV '07 Proceedings of the Computer Graphics, Imaging and Visualisation
Compromising Reflections-or-How to Read LCD Monitors around the Corner

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
ClearShot: Eavesdropping on Keyboard Input from Video

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Handy AR: Markerless Inspection of Augmented Reality Objects Using Fingertip Tracking

ISWC '07 Proceedings of the 2007 11th IEEE International Symposium on Wearable Computers
Tempest in a Teapot: Compromising Reflections Revisited

SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Manipulation of virtual objects in marker-less AR system by fingertip tracking and hand gesture recognition

Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human
Fingertip detection with morphology and geometric calculation

IROS'09 Proceedings of the 2009 IEEE/RSJ international conference on Intelligent robots and systems
The Meteor metric for automatic evaluation of machine translation

Machine Translation
Compromising electromagnetic emanations of wired and wireless keyboards

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Vlfeat: an open and portable library of computer vision algorithms

Proceedings of the international conference on Multimedia
TouchLogger: inferring keystrokes on touch screen from smartphone motion

HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
iSpy: automatic reconstruction of typed input from compromising reflections

Proceedings of the 18th ACM conference on Computer and communications security
ACCessory: password inference using accelerometers on smartphones

Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications
On the practicality of motion based keystroke inference attack

TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Fingerprint attack against touch-enabled devices

Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
On the Privacy Risks of Virtual Keyboards: Automatic Reconstruction of Typed Input from Compromising Reflections

IEEE Transactions on Dependable and Secure Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Of late, threats enabled by the ubiquitous use of mobile devices have drawn much interest from the research community. However, prior threats all suffer from a similar, and profound, weakness - namely the requirement that the adversary is either within visual range of the victim (e.g., to ensure that the pop-out events in reflections in the victim's sunglasses can be discerned) or is close enough to the target to avoid the use of expensive telescopes. In this paper, we broaden the scope of the attacks by relaxing these requirements and show that breaches of privacy are possible even when the adversary is around a corner. The approach we take overcomes challenges posed by low image resolution by extending computer vision methods to operate on small, high-noise, images. Moreover, our work is applicable to all types of keyboards because of a novel application of fingertip motion analysis for key-press detection. In doing so, we are also able to exploit reflections in the eyeball of the user or even repeated reflections (i.e., a reflection of a reflection of the mobile device in the eyeball of the user). Our empirical results show that we can perform these attacks with high accuracy, and can do so in scenarios that aptly demonstrate the realism of this threat.