Conference Paper

PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices

Authors:
  • SGS Digital Trust Services
To read the full-text of this research, you can request a copy directly from the author.

Abstract

The pervasive usage of mobile devices, i.e., smartphones and tablet computers, and their vast amount of sensors represent a plethora of side channels posing a serious threat to the user's privacy and security. In this paper, we propose a new type of side channel which is based on the ambient-light sensor employed in today's mobile devices. While recent advances in this area of research focused on the employed motion sensors and the camera as well as the sound, we investigate a less obvious source of information leakage, namely the ambient light. We successfully demonstrate that minor tilts and turns of mobile devices cause variations of the ambient-light sensor information. Furthermore, we show that these variations leak enough information to infer a user's personal identification number (PIN) input based on a set of known PINs. Our results clearly show that we are able to determine the correct PIN (out of a set of 50 random PINs) within the first ten guesses about 80% of the time. In contrast, the chance of finding the right PIN by randomly guessing ten PINs would be 20%. Since the data required to perform such an attack can be gathered without any specific permissions or privileges, the presented attack seriously jeopardizes the security and privacy of mobile-device owners.


... Luxmeter is the device that is used to measure the intensity of light. Smartphones have embedded lux meter that measures the light intensity and automatically adjusts the screen brightness to optimize the battery usage [167]. Lux meter provides the intensities of Red, Green, Blue (RGB), as well as, the white light at any point in lux. ...
Article
The last two decades have witnessed a rich variety of indoor positioning and localization research. Starting with Microsoft Research pioneering the fingerprint approach based RADAR, MIT’s Cricket, and then moving towards beacon-based localization are few among many others. In parallel, researchers looked into other appealing and promising technologies like radio frequency identification, ultra-wideband, infrared, and visible light-based systems. However, the proliferation of smartphones over the past few years revolutionized and reshaped indoor localization towards new horizons. The deployment of MEMS sensors in modern smartphones have initiated new opportunities and challenges for the industry and academia alike. Additionally, the demands and potential of location-based services compelled the researchers to look into more robust, accurate, smartphone deployable, and context-aware location sensing. This study presents a comprehensive review of the approaches that make use of data from one or more sensors to estimate the user’s indoor location. By analyzing the approaches leveraged on smartphone sensors, it discusses the associated challenges of such approaches and points out the areas that need considerable research to overcome their limitations.
... However, malicious access to sensor streams provides an installed app running in the background with an exploit path. Researchers have shown that the user PINs and passwords can be disclosed through sensors such as camera and microphone [24], ambient light [26], and gyroscope [31]. Sensors such as NFC can also be misused to attack financial payments [16]. ...
... Although the information leakage caused by sensors has been known for years [24,26,31], the problem has remained unsolved in practice. One main reason is the complexity of the problem; keeping the balance between security and usability. ...
Conference Paper
Mobile sensors have already proved to be helpful to different aspects of people's everyday lives such as fitness, gaming, navigation, etc. However, illegitimate access to these sensors provides a malicious program running with an exploit path. While the users are benefiting from richer and more personalized apps, the growing number of sensors introduces new security and privacy risks to end users, and makes the task of sensor management more complex. In this paper, first, we discuss the issues around security and privacy of mobile sensors. Second, we reflect the results of a workshop which we organized on mobile sensor security. In this workshop, the participants are introduced to mobile sensors by working with sensor-enabled apps. We evaluate the risk levels perceived by the participants for these sensors after they learn their functionalities. The results show that knowing sensors by working with sensor-enabled apps would not immediately improve the users' security inference of the actual risks of these sensors. Finally, we provide recommendations for educators, app developers, and mobile users to contribute toward awareness and education on this topic.
... However, malicious access to sensor streams results in an installed app running in the background with an exploit path. Researchers have shown that the user PINs and passwords can be disclosed through sensors such as the camera and microphone [7], the ambient light sensor [8] and the gyroscope [9]. Sensors such as NFC can also be misused to attack financial payments [10]. ...
... On the other hand, access to many other sensors including accelerometer, gyroscope and light is unrestricted; any app can have free access to the sensor data without needing any user permission, as these sensors are left unmanaged on mobile operating systems. Although the information leakage caused by sensors has been known for years [7][8][9], the problem has remained unsolved in practice. One main reason is the complexity of the problem; keeping the balance between security and usability. ...
Article
Mobile sensors have already proven to be helpful in different aspects of people’s everyday lives such as fitness, gaming, navigation, etc. However, illegitimate access to these sensors results in a malicious program running with an exploit path. While the users are benefiting from richer and more personalized apps, the growing number of sensors introduces new security and privacy risks to end users and makes the task of sensor management more complex. In this paper, first, we discuss the issues around the security and privacy of mobile sensors. We investigate the available sensors on mainstream mobile devices and study the permission policies that Android, iOS and mobile web browsers offer for them. Second, we reflect the results of two workshops that we organized on mobile sensor security. In these workshops, the participants were introduced to mobile sensors by working with sensor-enabled apps. We evaluated the risk levels perceived by the participants for these sensors after they understood the functionalities of these sensors. The results showed that knowing sensors by working with sensor-enabled apps would not immediately improve the users’ security inference of the actual risks of these sensors. However, other factors such as the prior general knowledge about these sensors and their risks had a strong impact on the users’ perception. We also taught the participants about the ways that they could audit their apps and their permissions. Our findings showed that when mobile users were provided with reasonable choices and intuitive teaching, they could easily self-direct themselves to improve their security and privacy. Finally, we provide recommendations for educators, app developers, and mobile users to contribute toward awareness and education on this topic.
... Based on their results they conclude that, on its own, the light sensor is not sufficient for authentication. An interesting exploit of the ambient light sensor was revealed by Spreitzer [63] where they showed that by using variations in the ambient light due to slight tilting of the smartphone while inputting a PIN they can improve their chances of correctly guessing it. They used a corpus of 50 random PINs and allowed themselves 10 guesses and managed to have an 80% success rate compared to 20% if they randomly guessed. ...
... Time of day, weather, and open windows affected the performance. [63] ambient light sensor PIN ...
Preprint
An average smartphone is equipped with an abundance of sensors to provide a variety of vital functionalities and conveniences. The data from these sensors can be collected in order to find trends or discover interesting correlations in the data but can also be used by nefarious entities for the purpose of revealing the identity of the persons who generated this data. In this paper, we seek to identify what types of sensor data can be collected on a smartphone and which of those types can pose a threat to user privacy by looking into the hardware capabilities of modern smartphone devices and how smartphone data is used in the literature. We then summarize some implications that this information could have on the GDPR.
... Smartphones, nowadays, are equipped with a built-in ambient light sensor, which can determine the intensity level of the surrounding environment. Its main purpose is to optimize the brightness of the smartphone screen accordingly, which allows one to save battery [14][15][16]. Light intensity varies amply while moving from indoors to outdoors and vice versa. ...
Article
A wide range of localization techniques has been proposed recently that leverage smartphone sensors. Context awareness serves as the backbone of these localization techniques, which helps them to shift the localization technologies to improve efficiency and energy utilization. Indoor-outdoor (IO) context sensing plays a vital role for such systems, which serve both indoor and outdoor localization. IO systems work with collaborative technologies including the Global Positioning System (GPS), cellular tower signals, Wi-Fi, Bluetooth and a variety of smartphone sensors. GPS- and Wi-Fi-based systems are power hungry, and their accuracy is severed by limiting factors like multipath, shadowing, etc. On the other hand, various built-in smartphone sensors can be deployed for environmental sensing. Although these sensors can play a crucial role, yet they are very less studied. This research aims at investigating the use of ambient magnetic field data alone from a smartphone for IO detection. The research first investigates the feasibility of utilizing magnetic field data alone for IO detection and then extracts different features suitable for IO detection to be used in machine learning-based classifiers to discriminate between indoor and outdoor environments. The experiments are performed at three different places including a subway station, a shopping mall and Yeungnam University (YU), Korea. The training data are collected from one spot of the campus, and testing is performed with data from various locations of the above-mentioned places. The experiment involves Samsung Galaxy S8, LG G6 and Samsung Galaxy Round smartphones. The results show that the magnetic data from smartphone magnetic sensor embody enough information and can discriminate the indoor environment from the outdoor environment. 
Naive Bayes (NB) outperforms with a classification accuracy of 83.26%, as against Support vector machines (SVM), random induction (RI), gradient boosting machines (GBM), random forest (RF), k-nearest neighbor (kNN) and decision trees (DT), whose accuracies are 67.21%, 73.38%, 73.40%, 78.59%, 69.53% and 68.60%, respectively. kNN, SVM and DT do not perform well when noisy data are used for classification. Additionally, other dynamic scenarios affect the attitude of magnetic data and degrade the performance of SVM, RI and GBM. NB and RF prove to be more noise tolerant and environment adaptable and perform very well in dynamic scenarios. Keeping in view the performance of these classifiers, an ensemble-based stacking scheme is presented, which utilizes DT and RI as the base learners and naive Bayes as the ensemble classifier. This approach is able to achieve an accuracy of 85.30% using the magnetic data of the smartphone magnetic sensor. Moreover, with an increase in training data, the accuracy of the stacking scheme can be elevated by 0.83%. The performance of the proposed approach is compared with GPS-, Wi-Fi- and light sensor-based IO detection.
... Workplace lighting surveys require knowing the amount of light that reaches the work plane from light sources located at a given distance (illuminance, measured in lux or foot-candles) by means of a lux meter, whose price in our market ranges between 1500 and 75000 pesos, depending on its certification, features and specifications. To measure lighting from smartphones, there are three different approaches: (i) by means of the sensor that some devices have to adjust the screen brightness according to the ambient lighting conditions, in order to reduce battery use and optimize screen visibility (Spreitzer, 2014). This is the strategy most used by Android applications; (ii) by means of the camera built into the device. ...
Conference Paper
Objective. To determine the accuracy of different illuminance-measurement applications through systematic comparison with a reference standard, and to analyze the suitability of their use in everyday ergonomics practice. Method. In a dark environment with a single light source (LED 24W 6000K, CRI>70), the illuminance values obtained with a professional lux meter as the gold standard were compared with the illuminance readings of three Android lighting-measurement applications, installed on two mobile devices, in 16 scenarios defined by decreasing levels of illumination (range 7495 to 19 lux). For each scenario, the percentage error was calculated per application and device. Results. With a mean error of 81.4%, the results obtained are consistent with those already reported in the literature. The behavior of the error curve suggests that the error is not associated with the illuminance level itself, but with its distance from the calibration level. There is greater uncertainty about the true illuminance value when it is measured with applications than with a lux meter, with no differences in measurement error between applications. An appropriate choice of calibration illuminance, based on the values to be surveyed, will reduce the measurement error in practice. Conclusion. Despite this discouraging initial picture, hardware improvements can be expected in integrated sensors and in external sensors with integrating spheres. Regarding software, calibration algorithms have the potential to improve the performance of the applications. Based on our results, we suggest dispensing with a single calibration factor in favor of device-specific response curves. The goal to reach is a 10% measurement error, comparable to a low-cost lux meter.
It is recommended that applications be selected also considering aspects related to their usability. Keywords: mobile applications, lux meter, illuminance measurement, smartphones
... The receiver part comprises of light sensor to easily detect the light of smartphone's flash. In this proposed part, the following light detector sensors are experienced: Case 1: In 1st case, using one of built-in smartphone sensor, which is called ambient light sensor [14]. Many smartphones are equipped with this type of sensor, which is used to sense the intensity of ambient light. ...
... The most abundant attacks reported are noninvasive attacks. While there have been "exotic" means of executing this attack, by using acoustics [Deepa et al, 2013], [Narain et al, 2014], [Gupta et al, 2016] or light [Spreitzer, 2014] to produce useful data, the most versatile parameters to exploit the security of the chip are timing, power consumption, and electromagnetic (EM) emissions [Narain et al, 2014]. Power Analysis (PA) is a pioneering method in SCA, and most of the techniques used to analyze power emission data can be applied to data collected through EM. ...
Preprint
Over the past decades, quantum technology has seen consistent progress, with notable recent developments in the field of quantum computers. Traditionally, this trend has been primarily seen as a serious risk for cryptography; however, a positive aspect of quantum technology should also be stressed. In this regard, viewing this technology as a resource for honest parties rather than adversaries, it may enhance not only the security, but also the performance of specific cryptographic schemes. While considerable effort has been devoted to the design of quantum-resistant and quantum-enhanced schemes, little effort has been made to understanding their physical security. Physical security deals with the design and implementation of security measures fulfilling the practical requirements of cryptographic primitives, which are equally essential for classic and quantum ones. This survey aims to draw greater attention to the importance of physical security, with a focus on secure key generation and storage as well as secure execution. More specifically, the possibility of performing side-channel analysis in the quantum world is discussed and compared to attacks launched in the classic world. Besides, proposals for quantum random number generation and quantum physically unclonable functions are compared to their classic counterparts and further analyzed to give a better understanding of their features, advantages, and shortcomings. Finally, seen from these three perspectives, this survey provides an outlook for future research in this direction.
... When a user types on a smart device, the intensity of the light sensor changes, which is different from the normal mode than a typing mode. The attacker investigates these changes to infer the user input in smart devices [40,41]. Tracking and accessing changes in lighting conditions of the users' environment raises security and privacy issues like information leaks, behavior analysis and cross-device linking [42]. ...
Article
Sensors play a vital role in the smartphone for sensing-enabled mobile activities and applications. Different sources, like mobile applications and websites, access the sensors and use them for various purposes. The user needs permission to access the permission-imposed sensors. Using the generic sensor application programming interface, the user can access the no-permission-imposed sensors directly without any permission. Attackers target these sensors and make the smartphones vulnerable at the application, device and network levels. The attackers access the sensor’s information and use it for different purposes like personal identification number identification and user personal information theft. This paper presents STMAD, a novel allowlist-based intrusion prevention system to mitigate sensor-based threats on smartphones by detecting malicious access of an attacker through different channels. STMAD functions as a lightweight preventive mechanism for all sensors on the smartphone and preventing attackers from accessing sensors maliciously. The experimental results show that the proposed defense mechanism is more efficient and consumes minimal overhead. An informal security analysis also proved that the STMAD protects against various attacks.
... device ID [21,25,26], user activity [11,38] including conversations [50] and video [17], all of which have been subject of attacks and leaks. Beyond explicitly gathered data, the sensors on these devices can often be configured or coaxed into providing sensitive information such as user conversation, location, and activity beyond their original design [42,43,51,59]. The fact that such attacks are now common is not surprising: as vendors add more functionality, the software base that, often, must be trusted has grown to millions of lines of code, and the data that can be stolen is highly lucrative. ...
Preprint
Reliable on-off control of peripherals on smart devices is a key to security and privacy in many scenarios. Journalists want to reliably turn off radios to protect their sources during investigative reporting. Users wish to ensure cameras and microphones are reliably off during private meetings. In this paper, we present SeCloak, an ARM TrustZone-based solution that ensures reliable on-off control of peripherals even when the platform software is compromised. We design a secure kernel that co-exists with software running on mobile devices (e.g., Android and Linux) without requiring any code modifications. An Android prototype demonstrates that mobile peripherals like radios, cameras, and microphones can be controlled reliably with a very small trusted computing base and with minimal performance overhead.
... Digital activity inference. This class includes a wide range of attacks, with prior work [14,16,17,30,37,46,56,64,72] showing that sensor information (including the Accelerometer and Gyroscope) can be used to predict what the user is typing on the smartphone's touchscreen(e.g., [46,56]). This is possible because typing leads to changes in the position of the screen, its orientation and the device's motion. ...
Conference Paper
Smartphone sensors can be leveraged by malicious apps for a plethora of different attacks, which can also be deployed by malicious websites through the HTML5 WebAPI. In this paper we provide a comprehensive evaluation of the multifaceted threat that mobile web browsing poses to users, by conducting a large-scale study of mobile-specific HTML5 WebAPI calls used in the wild. We build a novel testing infrastructure consisting of actual smartphones on top of a dynamic Android app analysis framework, allowing us to conduct an end-to-end exploration. Our study reveals the extent to which websites are actively leveraging the WebAPI for collecting sensor data, with 2.89% of websites accessing at least one mobile sensor. To provide a comprehensive assessment of the potential risks of this emerging practice, we create a taxonomy of sensor-based attacks from prior studies, and present an in-depth analysis by framing our collected data within that taxonomy. We find that 1.63% of websites could carry out at least one of those attacks. Our findings emphasize the need for a standardized policy across browsers and the ability for users to control what sensor data each website can access.
... Light sensor readings also change while a user types on smart devices; hence, the user input in a smart device can be inferred by differentiating the light sensor data in normal and typing modes [30]. The light sensor can also be used as a medium to transfer malicious code and trigger message to activate a malware [7]. ...
Preprint
Sensors (e.g., light, gyroscope, accelerometer) and sensing-enabled applications on a smart device make the applications more user-friendly and efficient. However, the current permission-based sensor management systems of smart devices only focus on certain sensors and any App can get access to other sensors by just accessing the generic sensor Application Programming Interface (API). In this way, attackers can exploit these sensors in numerous ways: they can extract or leak users' sensitive information, transfer malware, or record or steal sensitive information from other nearby devices. In this paper, we propose 6thSense, a context-aware intrusion detection system which enhances the security of smart devices by observing changes in sensor data for different tasks of users and creating a contextual model to distinguish benign and malicious behavior of sensors. 6thSense utilizes three different Machine Learning-based detection mechanisms (i.e., Markov Chain, Naive Bayes, and LMT). We implemented 6thSense on several sensor-rich Android-based smart devices (i.e., smart watch and smartphone) and collected data from typical daily activities of 100 real users. Furthermore, we evaluated the performance of 6thSense against three sensor-based threats: (1) a malicious App that can be triggered via a sensor, (2) a malicious App that can leak information via a sensor, and (3) a malicious App that can steal data using sensors. Our extensive evaluations show that the 6thSense framework is an effective and practical approach to defeat growing sensor-based threats with an accuracy above 96% without compromising the normal functionality of the device. Moreover, our framework reveals minimal overhead.
... Other than that, there are still features not dealt with, such as ambient light sensor (ALS), proximity sensor, front camera, sound receiver, …etc. ALS is for measuring ambient light intensity and then adjust the appropriate screen backlight intensity [2][3][4]. Proximity sensor is for detecting the intensity of the reflection of infrared (IR) and determining whether the object is in close range [5][6]. Front camera is for self-taken photograph and video. ...
Article
In the smartphone industry, there is a clear trend of developing high screen-to-body ratio display. In order to achieve this demand, we proposed the idea of integrating photo sensing devices into display panels. The photosensitive characteristic of amorphous silicon (a-Si) gap-type thin film transistors (TFTs) is reviewed and the applicability is examined from the viewpoints of ambient light sensor (ALS) and proximity sensor. The advantages and feasibility of this idea are fully investigated.
... In [155], a light side-channel attack has been proposed based on the data harvested from an ambient light sensor. The author has shown that light intensity recorded by this sensor changes with finger tapping position on the touchscreen. ...
Article
Smart devices industrial technology allowed developers and designers to embed different sensors, processors and memories in small size electronic device. Sensors are added to enhance the usability of these devices and improve the quality of experience through data collection. However, with the era of big-data and machine learning algorithms, sensors' data may be manipulated by different techniques to infer various hidden information. The extracted information may be beneficial to devices' users, developers and designers to enhance the management, operation, and development of these devices. However, the extracted information may be used to compromise the security and the privacy of humans in the era of Internet of everything (IoE). In this work, we attempt to review the process of inferring meaningful data from smart devices' sensors, especially, smartphones. In addition, different useful applications of machine learning based on smartphones sensors data are shown. Moreover, different side channel attacks utilizing the same sensors and the same machine learning algorithms are overviewed.
... The same kind of data can also be exploited to infer graphical password patterns [5]. As demonstrated by Spreitzer [53], even ambient-light sensors in mobile devices may leak sensitive user inputs such as the personal identification number (PIN). ...
Conference Paper
A growing number of sensors, embedded in wearables, smart electric meters and other connected devices, is surrounding us and reaching ever deeper into our private lives. While some sensors are commonly regarded as privacy-sensitive and always require user permission to be activated, others are less protected and less worried about. However, experimental research findings indicate that many seemingly innocuous sensors can be exploited to infer highly sensitive information about people in their vicinity. This paper reviews existing evidence from the literature and discusses potential implications for consumer privacy. Specifically, the analysis reveals that certain insufficiently protected sensors in smart devices allow inferences about users’ locations, activities and real identities, as well as about their keyboard and touchscreen inputs. The presented findings call into question the adequacy of current sensor access policies. It is argued that most data captured by smart consumer devices should be classified as highly sensitive by default. An introductory overview of sensors commonly found in these devices is also provided, along with a proposed classification scheme.
... In high-security contexts, algorithms, software, and hardware are carefully designed to eliminate as many side-channels as possible. This seems to be a never-ending battle, as attacks have been demonstrated using an amazing variety of measurements, including electromagnetic emissions [1], energy consumption [21], power lines [11], microphones [10], high resolution cameras [8], IR photon detectors [6], and even the ambient light sensor of smartphones [32]. Timing attacks use time itself as the measurable property, inferring confidential information by differential analysis of the varying time required to execute operations on or related to secret information. ...
Preprint
The recent discovery of the Spectre and Meltdown attacks represents a watershed moment not just for the field of Computer Security, but also of Programming Languages. This paper explores speculative side-channel attacks and their implications for programming languages. These attacks leak information through micro-architectural side-channels which we show are not mere bugs, but in fact lie at the foundation of optimization. We identify three open problems, (1) finding side-channels, (2) understanding speculative vulnerabilities, and (3) mitigating them. For (1) we introduce a mathematical meta-model that clarifies the source of side-channels in simulations and CPUs. For (2) we introduce an architectural model with speculative semantics to study recently-discovered vulnerabilities. For (3) we explore and evaluate software mitigations and prove one correct for this model. Our analysis is informed by extensive offensive research and defensive implementation work for V8, the production JavaScript virtual machine in Chrome. Straightforward extensions to model real hardware suggest these vulnerabilities present formidable challenges for effective, efficient mitigation. As a result of our work, we now believe that speculative vulnerabilities on today's hardware defeat all language-enforced confidentiality with no known comprehensive software mitigations, as we have discovered that untrusted code can construct a universal read gadget to read all memory in the same address space through side-channels. In the face of this reality, we have shifted the security model of the Chrome web browser and V8 to process isolation.
... The second flaw is that GPS sensor is the most power-hungry sensor compared to other smartphone sensors, and it has been shown in [15,16] that utilizing GPS consumes seven-times more energy than the accelerometer and gyroscope sensors accessible on a smartphone. Furthermore, the GPS signal needs a period of 10 to 35 s to fix its state after moving between the outdoor and indoor environment [17]. ...
Article
Full-text available
An automatic, fast, and accurate switching method between Global Positioning System and indoor positioning systems is crucial to achieve current user positioning, which is essential information for a variety of services installed on smart devices, e.g., location-based services (LBS), healthcare monitoring components, and seamless indoor/outdoor navigation and localization (SNAL). In this study, we proposed an approach to accurately detect the indoor/outdoor environment according to six different daily activities of users including walk, skip, jog, stay, climbing stairs up and down. We select a number of features for each activity and then apply ensemble learning methods such as Random Forest, and AdaBoost to classify the environment types. Extensive model evaluations and feature analysis indicate that the system can achieve a high detection rate with good adaptation for environment recognition. Empirical evaluation of the proposed method has been verified on the HASC-2016 public dataset, and results show 99% accuracy to detect environment types. The proposed method relies only on the daily life activities data and does not need any external facilities such as the signal cell tower or Wi-Fi access points. This implies the applicability of the proposed method for the upper layer applications.
... Light sensor readings also change while a user types on smart devices; hence, the user input in a smart device can be inferred by differentiating the light sensor data in normal and typing modes [30]. The light sensor can also be used as a medium to transfer malicious code and trigger message to activate a malware [7]. ...
Article
Full-text available
Sensors and sensing-enabled applications on a smart device make the applications more user-friendly and efficient. However, the current permission-based sensor management systems of smart devices only focus on certain sensors and any App can get access to other sensors by just accessing the generic sensor API. In this way, attackers can exploit these sensors in numerous ways. In this paper, we propose 6thSense, a context-aware intrusion detection system which enhances the security of smart devices by observing changes in sensor data for different tasks of users and creating a contextual model to distinguish benign and malicious behavior of sensors. 6thSense utilizes different Machine Learning-based detection mechanisms (i.e., Markov Chain, Naive Bayes, and LMT). We implemented 6thSense on a sensor-rich Android-based smart watch and smartphone and collected data from typical daily activities of 100 real users. Furthermore, we evaluated the performance of 6thSense against three different sensor-based adversaries. Our extensive evaluations show that the 6thSense framework is an effective and practical approach to defeat growing sensor-based threats with an accuracy above 96% without compromising the normal functionality of the device. Moreover, our framework reveals minimal overhead.
... The receiver part comprises of light sensor to easily detect the light of smartphone's flash. In this proposed part, the following light detector sensors are experienced: Case 1: In 1st case, using one of built-in smartphone sensor, which is called ambient light sensor [14]. Many smartphones are equipped with this type of sensor, which is used to sense the intensity of ambient light. ...
Research
Full-text available
Light fidelity (Li-Fi) technology is a wireless communication system that utilizes visible light spectrum to transmit data with high speed and secure manner compared to the traditional Wireless Fidelity (Wi-Fi) architecture. In this paper a smartphone is used in Li-Fi communication system. The aim of this proposed approach is to maximize the bit rate with high accuracy by using the flashlight of built-in smartphone camera as a source to send data and detect the effect of using a built-in smartphone ambient light sensor and external light detector sensors that is connected to Arduino UNO circuit to receive data. Four practical experiments were conducted to discover which light sensor accomplish higher data bit rate and tested the system performance under changing the distance between transmitter and receiver. The evaluation results demonstrated that the data bit rate is better with the proposed research than the others, where it reached more than 100 bps with accuracy 100%.
... In attacks targeting the sensors of IoT devices, an information leakage attack can be carried out through the keystroke interface. When the touchscreen, touchpad or keyboard is touched, the attacker can capture this data and decode the PIN or password by combining it with earlier information in a database previously recorded by the system. For example, with the "PIN Skimming" attack, a smartphone's PIN input was obtained using ambient-light data and RGBW (red, green, blue and white) sensor data [70]. Information leakage attacks can also be carried out with information obtained from the system's motion, magnetic and acoustic sensors, from GPS, and from the camera [10]. ...
Article
Full-text available
The concept of IoT (Internet of Things) covers every object that connects to the internet and communicates with other devices. Many IoT devices that will become part of our lives, such as autonomous vehicles, smart refrigerators, smart washing machines, smart toasters and smart watches, can communicate with one another using different wireless network technologies. As IoT devices have come to be used in many critical areas, attacks against IoT security have also increased. These attacks are carried out against the IoT layers and can violate criteria such as data confidentiality, data integrity, data freshness, data availability and authentication. Many security solutions have been proposed to prevent these attacks, but because of constraints such as limited energy, restricted battery life, weak processing power and limited memory, traditional security methods cannot be applied on low-power IoT devices. In this study, the attacks that threaten the security of IoT devices are examined and classified in detail according to network layers, and defense techniques are proposed.
... -There are Others Mobile Sensors less obvious but also useful for modeling human machine interactions such as the light sensor, which measures the ambient-light level that the smartphone is exposed to. In [29] the authors demonstrate that minor tilts and turns in the smartphone cause variations of the ambient-light sensor information. These variations leak enough information to authenticate personal identification numbers. ...
Conference Paper
Full-text available
In this paper we list the sensors commonly available in modern smartphones and provide a general outlook of the different ways these sensors can be used for modeling the interaction between human and smartphones. We then provide a taxonomy of applications that can exploit the signals originated by these sensors in three different dimensions, depending on the main information content embedded in the signals exploited in the application: neuromotor skills, cognitive functions, and behaviors/routines. We then summarize a representative selection of existing research datasets in this area, with special focus on applications related to user authentication, including key features and a selection of the main research results obtained on them so far. Then, we perform the experimental work using the HuMIdb database (Human Mobile Interaction database), a novel multimodal mobile database that includes 14 mobile sensors captured from 600 participants. We evaluate a biometric authentication system based on simple linear touch gestures using a Siamese Neural Network architecture. Very promising results are achieved with accuracies up to 87% for person authentication based on a simple and fast touch gesture.
... Still, many microarchitectural properties can be inferred from JavaScript [54], [29], [64], [41], [26], [25], [23], [36]. Moreover, sensors found on many mobile devices as well as modern browsers, introduce side channels which can be exploited from JavaScript [67], [44], [52]. It has also been shown that microarchitectural properties can be used for fingerprinting [46]. ...
... Other physical attacks on sensors rely on multiple sensors to function. One of the most researched examples is keystroke inference on devices with unprotected sensors [123]-[137]. While keystroke inference research centers around mobile devices, it may be relevant to E-IoT. ...
Article
As technology becomes more widely available, millions of users worldwide have installed some form of smart device in their homes or workplaces. These devices are often off-the-shelf commodity systems, such as Google Home or Samsung SmartThings, that are installed by end-users looking to automate a small deployment. In contrast to these “plug-and-play” systems, purpose-built Enterprise Internet-of-Things (E-IoT) systems such as Crestron, Control4, RTI, Savant offer a smart solution for more sophisticated applications (e.g., complete lighting control, A/V management, security). In contrast to commodity systems, E-IoT systems are usually closed source, costly, require certified installers, and are overall more robust for their use cases. Due to this, E-IoT systems are often found in expensive smart homes, government and academic conference rooms, yachts, and smart private offices. However, while there has been plenty of research on the topic of commodity systems, no current study exists that provides a complete picture of E-IoT systems, their components, and relevant threats. As such, lack of knowledge of E-IoT system threats, coupled with the cost of E-IoT systems has led many to assume that E-IoT systems are secure. To address this research gap, raise awareness on E-IoT security, and motivate further research, this work emphasizes E-IoT system components, E-IoT vulnerabilities, solutions, and their security implications. In order to systematically analyze the security of E-IoT systems, we divide E-IoT systems into four layers: E-IoT Devices Layer, Communications Layer, Monitoring and Applications Layer, and Business Layer. We survey attacks and defense mechanisms, considering the E-IoT components at each layer and the associated threats. In addition, we present key observations in state-of-the-art E-IoT security and provide a list of open research problems that need further research.
... When users put their PINs or type something in the touchpad, attackers can capture the data maliciously from the device and collate these data with the database to decode keystroke information. As an example, some researchers developed a method named PIN Skimming to use the data from an ambient light sensor and RGBW (red, green, blue and white) sensor to extract PIN input of the smartphone [100]. ...
Article
Full-text available
Modern electronic devices have become "smart" as well as omnipresent in our day-to-day lives. From small household devices to large industrial machines, smart devices have become very popular in every possible application domain. Smart devices in our homes, offices, buildings, and cities can connect with other devices as well as with the physical world around them. This increasing popularity has also placed smart devices as the center of attention among attackers. Already, several types of malicious activities exist that attempt to compromise the security and privacy of smart devices. One interesting and noteworthy emerging threat vector is the attacks that abuse the use of sensors on smart devices. Smart devices are vulnerable to sensor-based threats and attacks due to the lack of proper security mechanisms available to control the use of sensors by installed apps. By exploiting the sensors (e.g., accelerometer, gyroscope, microphone, light sensor, etc.) on a smart device, attackers can extract information from the device, transfer malware to a device, or trigger a malicious activity to compromise the device. In this paper, we explore various threats and attacks abusing sensors of smart devices for malicious purposes. Specifically, we present a detailed survey about existing sensor-based threats and attacks to smart devices and countermeasures that have been developed to secure smart devices from sensor-based threats. Furthermore, we discuss security and privacy issues of smart devices in the context of sensor-based threats and attacks and conclude with future research directions.
... The most abundant attacks reported are noninvasive attacks. While there have been "exotic" means of executing this attack, by using acoustics [Deepa et al, 2013], [Narain et al, 2014], [Gupta et al, 2016] or light [Spreitzer, 2014] to produce useful data, the most versatile parameters to exploit the security of the chip are timing, power consumption, and electromagnetic (EM) emissions [Narain et al, 2014]. Power Analysis (PA) is a pioneering method in SCA, and most of the techniques used to analyze power emission data can be applied to data collected through EM. ...
Article
Full-text available
Over the past decades, quantum technology has seen consistent progress, with notable recent developments in the field of quantum computers. Traditionally, this trend has been primarily seen as a serious risk for cryptography; however, a positive aspect of quantum technology should also be stressed. In this regard, viewing this technology as a resource for honest parties rather than adversaries, it may enhance not only the security, but also the performance of specific cryptographic schemes. While considerable effort has been devoted to the design of quantum-resistant and quantum-enhanced schemes, little effort has been made to understanding their physical security. Physical security deals with the design and implementation of security measures fulfilling the practical requirements of cryptographic primitives, which are equally essential for classic and quantum ones. This survey aims to draw greater attention to the importance of physical security, with a focus on secure key generation and storage as well as secure execution. More specifically, the possibility of performing side-channel analysis in the quantum world is discussed and compared to attacks launched in the classic world. Besides, proposals for quantum random number generation and quantum physically unclonable functions are compared to their classic counterparts and further analyzed to give a better understanding of their features, advantages, and shortcomings. Finally, seen from these three perspectives, this survey provides an outlook for future research in this direction.
... Other physical attacks on sensors rely on multiple sensors to function. One of the most researched examples is keystroke inference on devices with unprotected sensors [127]-[141]. While keystroke inference research centers around mobile devices, it may be relevant to E-IoT. ...
Preprint
Full-text available
As technology becomes more widely available, millions of users worldwide have installed some form of smart device in their homes or workplaces. These devices are often off-the-shelf commodity systems, such as Google Home or Samsung SmartThings, that are installed by end-users looking to automate a small deployment. In contrast to these "plug-and-play" systems, purpose-built Enterprise Internet-of-Things (E-IoT) systems such as Crestron, Control4, RTI, Savant offer a smart solution for more sophisticated applications (e.g., complete lighting control, A/V management, security). In contrast to commodity systems, E-IoT systems are usually closed source, costly, require certified installers, and are overall more robust for their use cases. Due to this, E-IoT systems are often found in expensive smart homes, government and academic conference rooms, yachts, and smart private offices. However, while there has been plenty of research on the topic of commodity systems, no current study exists that provides a complete picture of E-IoT systems, their components, and relevant threats. As such, lack of knowledge of E-IoT system threats, coupled with the cost of E-IoT systems has led many to assume that E-IoT systems are secure. To address this research gap, raise awareness on E-IoT security, and motivate further research, this work emphasizes E-IoT system components, E-IoT vulnerabilities, solutions, and their security implications. In order to systematically analyze the security of E-IoT systems, we divide E-IoT systems into four layers: E-IoT Devices Layer, Communications Layer, Monitoring and Applications Layer, and Business Layer. We survey attacks and defense mechanisms, considering the E-IoT components at each layer and the associated threats. In addition, we present key observations in state-of-the-art E-IoT security and provide a list of open research problems that need further research.
... However, this is equally the disadvantage of the method since it is not adapted to reflectance measurements from assays based on dry chemistry. Additionally, ALS resolution on smartphones can be quite low (around 1 lux [50]). ALS with better resolution (under 0.005 lx) exists but is generally not integrated in smartphones but sold as separate, be it very compact, devices [51]. ...
Article
Full-text available
Smartphone based devices (SBDs) have the potential to revolutionise food safety control by empowering citizens to perform screening tests. To achieve this, it is of paramount importance to understand current research efforts and identify key technology gaps. Therefore, a systematic review of optical SBDs in the food safety sector was performed. An overview of reviewed SBDs is given focusing on performance characteristics as well as image analysis procedures. The state-of-the-art on commercially available SBDs is also provided. This analysis revealed several important technology gaps, the most prominent of which are: (i) the need to reach a consensus regarding optimal image analysis, (ii) the need to assess the effect of measurement variation caused by using different smartphones and (iii) the need to standardize validation procedures to obtain robust data. Addressing these issues will drive the development of SBDs and potentially unlock their massive potential for citizen-based food control.
Article
In smartphones, sensors are fundamental components to sensing-enabled mobile activities and applications. Mobile applications and websites access the sensors and use them in a variety of ways. Permission is required to access permission-imposed sensors, while users can access no-permission imposed sensors directly without any permission by using the generic sensor application programming interface (API). An attacker targets these sensors and makes smartphones vulnerable at the application and network level. Attackers gain access to sensor information and use it for various purposes like identifying personal identification numbers (PINs) and stealing personal information. This paper presents BPLMSBT, a novel Blockchain-based permission list for mitigating smartphone sensor-based threats by allowing benign users to access sensors through various channels. The permission list contains benign sources with sensor access permissions, while the blacklist contains malicious sources that access the sensors. Blockchain avoids the risks of centralized lists and maintains the list’s integrity through the immutability feature. Experimental results indicate that the proposed defence mechanism consumes less overhead and is more efficient. An informal security analysis proved that the BPLMSBT is capable of protecting against various attacks.
Article
Sensors in the smartphone play a vital role in various user-friendly mobile services. The mobile application requires user permission to access the permission imposed sensors and not for other sensors. The sensors in the smartphone are vulnerable to various attacks. The attackers can exploit these sensors to trigger malware, extract the sensitive information of users and other nearby devices, and expose users’ confidential information. We propose SBTDDL, a novel context-aware framework for detecting sensor-based threats on Android smartphones using deep learning. In our work, a) we identify the sensor-based threats by using the state (on and off) of the sensors in the smartphone for different user activities, b) Binary classification is performed in the sequence prediction model to classify the benign and malicious activities on the device, c) SBTDDL performs better in detecting the sensor-based threats compared to the state-of-art existing methods by attaining the accuracy of 99% in identifying benign and malicious activities, d) SBTDDL also detects the malicious activity occurring like benign activity, and the performance is not affected when the total number of benign and malicious activities increases.
Conference Paper
Full-text available
SUMMARY The objective of this study is to propose calibration criteria that minimize the error in illuminance measurement using mobile phones, based on a systematic comparison with a gold standard. To this end, the illuminance values obtained with a professional luxmeter as the gold standard were compared with the illuminance readings of four Android lighting-measurement applications installed on two mobile devices, at 17 illuminance levels from 20 lx to 10000 lx, varying the distance to a single light source (LED 24W 6000K, CRI>70). The direct reading error was calculated per device and per application; its averages lay between 28.36% and 41.77%. The observed inter-device and inter-application variability was not statistically significant. Two calibration criteria different from those found in the literature were then applied. The first used a single correction factor, calculated from the mean value of the illuminance range of this study. With this criterion an average error of -0.45% (SD=1.60) was achieved. The second criterion used a power function to fit the mobile-device data to the gold standard, achieving an average error of -0.08% (SD=0.21). These values improve on those obtained with the criterion of adjustment to the minimum value used in previous studies. The advantages and disadvantages of both calibration criteria are discussed, and the paper closes with considerations on the tolerable error in different practical situations. The goal is to achieve, with a mobile device, an error comparable to that of a low-cost luxmeter.
ABSTRACT The objective of this study is to propose calibration criteria in order to minimize illuminance measurement errors using mobile phones, upon a systematic comparison with a gold standard. Readings from a professional luxmeter were compared with the illuminance readings of four Android applications for lighting measurement, installed on two mobile devices, at 17 illuminance levels, from 20 lx to 10,000 lx, varying the distance to a single light source (LED 24W 6000K, CRI > 70). The direct reading error was calculated by device and by application, whose averages were between 28.36% and 41.77%. There was inter-device and inter-application variability, which was not statistically significant. Then, two novel calibration criteria were applied: The first one was based on a single correction factor, which was calculated from the mean value of the illuminance range in this study. With this criterion, we achieved a mean error of -0.45% (SD = 1.60). The second criterion used a power function to adjust the data from the mobile device to the gold standard, achieving an average error of -0.08% (SD = 0.21). Our results were better than those obtained
Thesis
Full-text available
This doctoral dissertation introduces novel security frameworks to detect sensor-based threats on smart devices and applications in smart settings such as smart home, smart office, etc. First, we present a formal taxonomy and in-depth impact analysis of existing sensor-based threats to smart devices and applications based on attack characteristics, targeted components, and capabilities. Then, we design a novel context-aware intrusion detection system, 6thSense, to detect sensor-based threats in standalone smart devices (e.g., smartphone, smart watch, etc.). 6thSense considers user activity-sensor co-dependence in standalone smart devices to learn the ongoing user activity contexts and builds a context-aware model to distinguish malicious sensor activities from benign user behavior. Further, we develop a platform-independent context-aware security framework, Aegis, to detect the behavior of malicious sensors and devices in a connected smart environment (e.g., smart home, offices, etc.). Aegis observes the changing patterns of the states of smart sensors and devices for user activities in a smart environment and builds a contextual model to detect malicious activities considering sensor-device-user interactions and multi-platform correlation. Then, to limit unauthorized and malicious sensor and device access, we present Kratos, a multi-user multi-device-aware access control system for smart environment and devices. Kratos introduces a formal policy language to understand diverse user demands in smart environment and implements a novel policy negotiation algorithm to automatically detect and resolve conflicting user demands and limit unauthorized access. For each contribution, this dissertation presents novel security mechanisms and techniques that can be implemented independently or collectively to secure sensors in real-life smart devices, systems, and applications.
Moreover, each contribution is supported by several user and usability studies we performed to understand the needs of the users in terms of sensor security and access control in smart devices and improve the user experience in these real-time systems.
Preprint
Full-text available
We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of their touch-screen smartphone or tablet. When a user taps the screen with a finger, the tap generates a sound wave that propagates on the screen surface and in the air. We found the device's microphone(s) can recover this wave and "hear" the finger's touch, and the wave's distortions are characteristic of the tap's location on the screen. Hence, by recording audio through the built-in microphone(s), a malicious app can infer text as the user enters it on their device. We evaluate the effectiveness of the attack with 45 participants in a real-world environment on an Android tablet and an Android smartphone. For the tablet, we recover 61% of 200 4-digit PIN-codes within 20 attempts, even if the model is not trained with the victim's data. For the smartphone, we recover 9 words of size 7--13 letters with 50 attempts in a common side-channel attack benchmark. Our results suggest that it is not always sufficient to rely on isolation mechanisms such as TrustZone to protect user input. We propose and discuss hardware, operating-system and application-level mechanisms to block this attack more effectively. Mobile devices may need a richer capability model, a more user-friendly notification system for sensor usage and a more thorough evaluation of the information leaked by the underlying hardware.
Chapter
Mobile web browsers are evolved to support the functionalities presented by HTML5. With the hardware accessibility of HTML5, it is now possible to access sensor hardware of a mobile device through a web page regardless of the need for a mobile application. In this paper, we analyze the security impact of accessing sensor hardware of a mobile device from mobile web page. First, we present the test results of hardware accessibility from mobile web browsers. Second, to raise awareness of the seriousness of hardware accessibility, we introduce a new POC attack LightTracker which infers the victim’s location using light sensor. We also show the effectiveness of the attack in real world.
Article
Apps on modern mobile operating systems can access various system resources with, or without, an explicit user permission. Although the OS generally maintains strict separation between apps, an app can still get access to another app’s private information, such as the user input, through numerous side-channels. For example, keystrokes and swipe gestures from a victim app can be inferred indirectly from the accelerometer or gyroscope output, allowing a zero-permission app to learn sensitive inputs such as passwords from the victim’s app. Current mobile OSes allow an app to defend itself in such situations only in some exceptional cases—e.g., by blocking screenshot captures in Android. In this article, we propose a general mechanism for apps to defend themselves from any unwanted implicit or explicit interference from other concurrently running apps. Our AppVeto solution enables an app developer to easily configure an app’s requirements for a safe environment; a foreground app can request the OS to disallow access—i.e., to enable veto powers—to selected side-channel-prone resources to all other running apps for a certain (short) duration, e.g., no access to the accelerometer during password input. In a sense, we enable a finer-grained access control policy than the current runtime permission model. We implement AppVeto on Android using the Xposed framework and Procedure Linkage Table hooking techniques, without changing Android APIs. Furthermore, we show that AppVeto imposes negligible overhead, while being effective against several well-known side-channel attacks—implemented via both Android Java and/or Native APIs.
Article
Full-text available
Internet-of-Things (IoT) is a technology that is extensively being used in various fields. Companies like Samsung, LG, and Apple are launching home appliances that use IoT as a part of their smart home business. Currently, Intelligent Things which combine artificial intelligence (AI) and IoT are being developed. Most of these devices are configured to collect and respond to human behavior (motion, voice, etc.) through built-in sensors. If IoT devices do not ensure high security, personal information could be leaked. This paper describes the IoT security threats that can cause information leakage from a hierarchical viewpoint of cyberspace. In addition, because these smart home-based IoT devices are closely related to human life, considering social damage is a problem. To overcome this, we propose a framework to measure the risk of IoT devices based on security scenarios that can occur in a smart home.
Article
Modern smartphone sensors can be leveraged for providing novel functionality and greatly improving the user experience. However, sensor data can be misused by privacy-invasive or malicious entities. Additionally, a wide range of other attacks that use mobile sensor data have been demonstrated; while those attacks have typically relied on users installing malicious apps, browsers have eliminated that constraint with the deployment of HTML5 WebAPI. In this article, we conduct a comprehensive evaluation of the multifaceted threat that mobile web browsing poses to users by conducting a large-scale study of mobile-specific HTML5 WebAPI calls across more than 183K of the most popular websites. We build a novel testing infrastructure consisting of actual smartphones on top of a dynamic Android app analysis framework, allowing us to conduct an end-to-end exploration. In detail, our system intercepts and tracks data access in real time, from the WebAPI JavaScript calls down to the Android system calls. Our study reveals the extent to which websites are actively leveraging the WebAPI for collecting sensor data, with 2.89% of websites accessing at least one sensor. To provide a comprehensive assessment of the risks of this emerging practice, we create a taxonomy of sensor-based attacks from prior studies and present an in-depth analysis by framing our collected data within that taxonomy. We find that 1.63% of websites can carry out at least one attack and emphasize the need for a standardized policy across all browsers and the ability for users to control what sensor data each website can access.
Patent
A smart device can include a data oriented sensor providing a numerical value, a logic oriented sensor providing a state, a sensor value collector connected to the data oriented sensor, a sensor logic state detector connected to the logic oriented sensor, a data processor connected to the sensor value collector and the sensor logic state detector, and a data analyzer connected to the data processor. The data processor can take the numerical value received from the sensor value collector, calculate an average value from the numerical value, sample the state receiving from the sensor logic state detector, and create an input matrix by using the average value and the sampled state. The data analyzer can receive the input matrix, train an analytical model, and check a data to indicate whether a state of the smart device is malicious or not.
Article
In the era of Internet-of-Things (IoT), people access many applications through smartphones for controlling smart devices. Therefore, such a centralized node must follow a robust access control mechanism so that an intruder cannot control the connected devices. Recent reports suggest that password can be used as an authentication factor for accessing the smart setups. However, this static information can be compromised under the light of different machine learning (ML) empowered attack mechanisms. Alarmingly, different sensors used in the IoT setup can also expose this static information to the adversaries. Password-based authentication that uses a challenge-response strategy is an effective solution for handling such threat scenarios. In this paper, at first, we show that no existing usable challenge-response protocol is safe to be used in the public area network. Following this, we propose a challenge-response protocol that is more secure to use in the public domain. By using eight classifiers, we show that a learning-based threat specific to our protocol has a marginal impact on the method’s security standard. The discussion in this paper also suggests that the proposed protocol has usability and security advantages compared to the existing state-of-the-art (e.g., reduces the number of interactions between the user and verifier by a factor of 0:5).
Article
In the era of advanced computer intelligence, Internet of Things (IoT) provides fantastic services to users. However, users are suffering a severe risk of private information inference, which is caused by the leakage of motion sensory data from IoT devices. Existing works of risk assessment of motion sensor based private information inference underestimate the risk because they ignore the possibility of using advanced Computational Intelligence techniques and the variety of languages with different input methods. In this paper, we assess the risk of motion sensor based private information inference by considering the variety of languages with different input methods, advanced Computational Intelligence techniques, and reinforcement learning of personal usage habits. We collect data from real users and run simulations to provide an authentic and up-to-date risk assessment. Based on the simulation result, we discuss the risky usage actions and possible defense strategies for the Internet of Things users.
Conference Paper
Modern mobile operating systems such as Android and Apple iOS allow apps to access various system resources, with or without explicit user permission. Running multiple concurrent apps is also commonly supported, although the OS generally maintains strict separation between apps. However, an app can still get access to another app's private information, such as the user input, through numerous side-channels, mostly enabled by having access to permissioned or permission-less (sometimes even unrelated) resources, e.g., inferring keystroke and swipe gestures from a victim app via the accelerometer or gyroscope. Current mobile OSes do not empower an app to defend itself from such implicit interference from other apps; few exceptions exist such as blocking screenshot captures in Android. We propose a general mechanism for apps to defend themselves from any unwanted implicit or explicit interference from other concurrently running apps. Our AppVeto solution enables an app to easily configure its requirements for a safe environment; a foreground app can request the OS to disallow access---i.e., to enable veto powers---to selected side-channel-prone resources to all other running apps for a certain (short) duration, e.g., no access to the accelerometer during password input. In a sense, we enable a finer-grained access control policy than the current runtime permission model, and delegate the responsibility of the resource access decision (for vetoing) from users to app developers. We implement AppVeto on Android using the Xposed framework, without changing Android APIs. Furthermore, we show that AppVeto imposes negligible overhead, while being effective against several well-known side-channel attacks.
Article
Mobile devices have brought a great convenience to us these years, which allow the users to enjoy the anytime and anywhere various applications such as the online shopping, Internet banking, navigation and mobile media. While the users enjoy the convenience and flexibility of the “Go Mobile” trend, their sensitive private information (e.g., name and credit card number) on the mobile devices could be disclosed. An adversary could access the sensitive private information stored on the mobile device by unlocking the mobile devices. Moreover, the user’s mobile services and applications are all exposed to security threats. For example, the adversary could utilize the user’s mobile device to conduct non-permitted actions (e.g., making online transactions and installing malwares). The authentication on mobile devices plays a significant role to protect the user’s sensitive information on mobile devices and prevent any non-permitted access to the mobile devices. This paper surveys the existing authentication methods on mobile devices. In particular, based on the basic authentication metrics (i.e., knowledge, ownership and biometrics) used in existing mobile authentication methods, we categorize them into four categories, including the knowledge-based authentication (e.g., passwords and lock patterns), physiological biometric-based authentication (e.g., fingerprint and iris), behavioral biometrics-based authentication (e.g., gait and hand gesture), and two/multi-factor authentication. We compare the usability and security level of the existing authentication approaches among these categories. Moreover, we review the existing attacks to these authentication approaches to reveal their vulnerabilities. The paper points out that the trend of the authentication on mobile devices would be the multi-factor authentication, which determines the user’s identity using the integration (not the simple combination) of more than one authentication metrics. For example, the user’s behavior biometrics (e.g., keystroke dynamics) could be extracted simultaneously when he/she inputs the knowledge-based secrets (e.g., PIN), which can provide the enhanced authentication as well as sparing the user’s trouble to conduct multiple inputs for different authentication metrics.
Article
Introducing motion sensors into smartphon range of applications in human However, built-in sensors that detect accelerometers), might also reveal information about taps on touch screens main user input mode exploiting motion sensors as side most as initial explorations, much research is still needed to analyze the practicality of the new threat and e One important aspect the right combination of sensors, aspects also play crucial role (e.g. focusing on the comparison of different available sensors, in terms of the inference accuracy. We consider individual sensors shipped on Android phones, and study few options of preprocessing their raw datasets as well as fu several sensors' readings gyroscope, and the potential sensors with magnetometer component or the accelerometer alone have less benefit in the context of the adverted attack.
Conference Paper
One of Android's main defense mechanisms against malicious apps is a risk communication mechanism which, before a user installs an app, warns the user about the permissions the app requires, trusting that the user will make the right decision. This approach has been shown to be ineffective as it presents the risk information of each app in a "stand-alone" fashion and in a way that requires too much technical knowledge and time to distill useful information. We introduce the notion of risk scoring and risk ranking for Android apps, to improve risk communication for Android apps, and identify three desiderata for an effective risk scoring scheme. We propose to use probabilistic generative models for risk scoring schemes, and identify several such models, ranging from the simple Naive Bayes, to advanced hierarchical mixture models. Experimental results conducted using real-world datasets show that probabilistic general models significantly outperform existing approaches, and that Naive Bayes models give a promising risk scoring approach.
Article
Modern client platforms, such as iOS, Android, Windows Phone, Windows 8, and web browsers, run each application in an isolated environment with limited privileges. A pressing open problem in such systems is how to allow users to grant applications access to user-owned resources, e.g., to privacy- and cost-sensitive devices like the camera or to user data residing in other applications. A key challenge is to enable such access in a way that is non-disruptive to users while still maintaining least-privilege restrictions on applications. In this paper, we take the approach of user-driven access control, whereby permission granting is built into existing user actions in the context of an application, rather than added as an afterthought via manifests or system prompts. To allow the system to precisely capture permission-granting intent in an application's context, we introduce access control gadgets (ACGs). Each user-owned resource exposes ACGs for applications to embed. The user's authentic UI interactions with an ACG grant the application permission to access the corresponding resource. Our prototyping and evaluation experience indicates that user-driven access control is a promising direction for enabling in-context, non-disruptive, and least-privilege permission granting on modern client platforms.
Article
We show that accelerometer readings are a powerful side channel that can be used to extract entire sequences of entered text on a smart-phone touchscreen keyboard. This possibility is a concern for two main reasons. First, unauthorized access to one's keystrokes is a serious invasion of privacy as consumers increasingly use smartphones for sensitive transactions. Second, unlike many other sensors found on smartphones, the accelerometer does not require special privileges to access on current smartphone OSes. We show that accelerometer measurements can be used to extract 6-character passwords in as few as 4.5 trials (median).
Article
Android's permission system is intended to inform users about the risks of installing applications. When a user installs an application, he or she has the opportunity to review the application's permission requests and cancel the installation if the permissions are excessive or objectionable. We examine whether the Android permission system is effective at warning users. In particular, we evaluate whether Android users pay attention to, understand, and act on permission information during installation. We performed two usability studies: an Internet survey of 308 Android users, and a laboratory study wherein we interviewed and observed 25 Android users. Study participants displayed low attention and comprehension rates: both the Internet survey and laboratory study found that 17% of participants paid attention to permissions during installation, and only 3% of Internet survey respondents could correctly answer all three permission comprehension questions. This indicates that current Android permission warnings do not help most users make correct security decisions. However, a notable minority of users demonstrated both awareness of permission warnings and reasonable rates of comprehension. We present recommendations for improving user attention and comprehension, as well as identify open challenges.
Article
Touch screens are an increasingly common feature on personal computing devices, especially smartphones, where size and user interface advantages accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software definable user interface. Oily residues, or smudges, on the touch screen surface, are one side effect of touches from which frequently used patterns such as a graphical password might be inferred. In this paper we examine the feasibility of such smudge attacks on touch screens for smartphones, and focus our analysis on the Android password pattern. We first investigate the conditions (e.g., lighting and camera orientation) under which smudges are easily extracted. In the vast majority of settings, partial or complete patterns are easily retrieved. We also emulate usage situations that interfere with pattern identification, and show that pattern smudges continue to be recognizable. Finally, we provide a preliminary analysis of applying the information learned in a smudge attack to guessing an Android password pattern.
Conference Paper
Android provides third-party applications with an extensive API that includes access to phone hardware, settings, and user data. Access to privacy- and security-relevant parts of the API is controlled with an install-time application permission system. We study Android applications to determine whether Android developers follow least privilege with their permission requests. We built Stowaway, a tool that detects overprivilege in compiled Android applications. Stowaway determines the set of API calls that an application uses and then maps those API calls to permissions. We used automated testing tools on the Android API in order to build the permission map that is necessary for detecting overprivilege. We apply Stowaway to a set of 940 applications and find that about one-third are overprivileged. We investigate the causes of overprivilege and find evidence that developers are trying to follow least privilege but sometimes fail due to insufficient API documentation.
Conference Paper
The security and privacy risks posed by smartphone sensors such as microphones and cameras have been well documented. However, the importance of accelerometers has been largely ignored. We show that accelerometer readings can be used to infer the trajectory and starting point of an individual who is driving. This raises concerns for two main reasons. First, unauthorized access to an individual's location is a serious invasion of privacy and security. Second, current smartphone operating systems allow any application to observe accelerometer readings without requiring special privileges. We demonstrate that accelerometers can be used to locate a device owner to within a 200 meter radius of the true location. Our results are comparable to the typical accuracy for handheld global positioning systems.
Conference Paper
We are currently moving from the Internet society to a mobile society where more and more access to information is done by previously dumb phones. For example, the number of mobile phones using a full blown OS has risen to nearly 200% from Q3/2009 to Q3/2010. As a result, mobile security is no longer immanent, but imperative. This survey paper provides a concise overview of mobile network security, attack vectors using the back end system and the web browser, but also the hardware layer and the user as attack enabler. We show differences and similarities between "normal" security and mobile security, and draw conclusions for further research opportunities in this area.
Chapter
This chapter will describe a method of deriving new PINs from existing passwords. This method is useful for obtaining friction-free user onboarding to mobile platforms. It has significant business benefits for organizations that wish to introduce mobile apps to existing users who already have passwords, but are reluctant to authenticate the users with the existing passwords. From the user’s perspective, a PIN is easier to enter than a password, and a derived PIN does not need to be remembered—assuming the user has a password and can recall it. In addition, even though the PINs are derived from passwords, they do not contain sufficient information to make the passwords easy to infer from compromised PINs. This, along with different transaction limits for PINs and passwords, makes the derived PINs more useful in a situation where users have to enter their PINs in public. We describe real-life password distributions to quantify exactly how much information about the passwords the derived PINs contain, and how much information is lost during the derivation. We also describe experiments with human subjects to qualitatively and quantitatively show that the user-side derivation method is easy to use.
Conference Paper
We provide the first published estimates of the difficulty of guessing a human-chosen 4-digit PIN. We begin with two large sets of 4-digit sequences chosen outside banking for online passwords and smart-phone unlock-codes. We use a regression model to identify a small number of dominant factors influencing user choice. Using this model and a survey of over 1,100 banking customers, we estimate the distribution of banking PINs as well as the frequency of security-relevant behaviour such as sharing and reusing PINs. We find that guessing PINs based on the victims' birthday, which nearly all users carry documentation of, will enable a competent thief to gain use of an ATM card once for every 11–18 stolen wallets, depending on whether banks prohibit weak PINs such as 1234. The lesson for cardholders is to never use one's date of birth as a PIN. The lesson for card-issuing banks is to implement a denied PIN list, which several large banks still fail to do. However, blacklists cannot effectively mitigate guessing given a known birth date, suggesting banks should move away from customer-chosen banking PINs in the long term.
Book
The goal of machine learning is to program computers to use example data or past experience to solve a given problem. Many successful applications of machine learning exist already, including systems that analyze past sales data to predict customer behavior, recognize faces or spoken speech, optimize robot behavior so that a task can be completed using minimum resources, and extract knowledge from bioinformatics data. Introduction to Machine Learning is a comprehensive textbook on the subject, covering a broad array of topics not usually included in introductory machine learning texts. It discusses many methods based in different fields, including statistics, pattern recognition, neural networks, artificial intelligence, signal processing, control, and data mining, in order to present a unified treatment of machine learning problems and solutions. All learning algorithms are explained so that the student can easily move from the equations in the book to a computer program. The book can be used by advanced undergraduates and graduate students who have completed courses in computer programming, probability, calculus, and linear algebra. It will also be of interest to engineers in the field who are concerned with the application of machine learning methods. After an introduction that defines machine learning and gives examples of machine learning applications, the book covers supervised learning, Bayesian decision theory, parametric methods, multivariate methods, dimensionality reduction, clustering, nonparametric methods, decision trees, linear discrimination, multilayer perceptrons, local models, hidden Markov models, assessing and comparing classification algorithms, combining multiple learners, and reinforcement learning.
Conference Paper
The success of Android phones makes them a prominent target for malicious software, in particular since the Android permission system turned out to be inadequate to protect the user against security and privacy threats. This work presents AppGuard, a powerful and flexible system for the enforcement of user-customizable security policies on untrusted Android applications. AppGuard does not require any changes to a smartphone's firmware or root access. Our system offers complete mediation of security-relevant methods based on callee-site inline reference monitoring. We demonstrate the general applicability of AppGuard by several case studies, e.g., removing permissions from overly curious apps as well as defending against several recent real-world attacks on Android phones. Our technique exhibits very little space and runtime overhead. AppGuard is publicly available, has been invited to the Samsung Apps market, and has had more than 500,000 downloads so far.
Conference Paper
Attacks that use side channels, such as sound and electromagnetic emanation, to infer keystrokes on physical keyboards are ineffective on smartphones without physical keyboards. We describe a new side channel, motion, on touch screen smartphones with only soft keyboards. Since typing on different locations on the screen causes different vibrations, motion data can be used to infer the keys being typed. To demonstrate this attack, we developed TouchLogger, an Android application that extracts features from device orientation data to infer keystrokes. TouchLogger correctly inferred more than 70% of the keys typed on a number-only soft keyboard on a smartphone. We hope to raise the awareness of motion as a significant side channel that may leak confidential data.
Conference Paper
As mobile devices become more widespread and powerful, they store more sensitive data, which includes not only users’ personal information but also the data collected via sensors throughout the day. When mobile applications have access to this growing amount of sensitive information, they may leak it carelessly or maliciously. Google’s Android operating system provides a permissions-based security model that restricts an application’s access to the user’s private data. Each application statically declares the sensitive data and functionality that it requires in a manifest, which is presented to the user upon installation. However, it is not clear to the user how sensitive data is used once the application is installed. To combat this problem, we present AndroidLeaks, a static analysis framework for automatically finding potential leaks of sensitive information in Android applications on a massive scale. AndroidLeaks drastically reduces the number of applications and the number of traces that a security auditor has to verify manually. We evaluate the efficacy of AndroidLeaks on 24,350 Android applications from several Android markets. AndroidLeaks found 57,299 potential privacy leaks in 7,414 Android applications, out of which we have manually verified that 2,342 applications leak private data including phone information, GPS location, WiFi data, and audio recorded with the microphone. AndroidLeaks examined these applications in 30 hours, which indicates that it is capable of scaling to the increasingly large set of available applications.
Conference Paper
Recent researches have shown that motion sensors may be used as a side channel to infer keystrokes on the touchscreen of smartphones. However, the practicality of this attack is unclear. For example, does this attack work on different devices, screen dimensions, keyboard layouts, or keyboard types? Does this attack depend on specific users or is it user independent? To answer these questions, we conducted a user study where 21 participants typed a total of 47,814 keystrokes on four different mobile devices in six settings. Our results show that this attack remains effective even though the accuracy is affected by user habits, device dimension, screen orientation, and keyboard layout. On a number-only keyboard, after the attacker tries 81 4-digit PINs, the probability that she has guessed the correct PIN is 65%, which improves the accuracy rate of random guessing by 81 times. Our study also indicates that inference based on the gyroscope is more accurate than that based on the accelerometer. We evaluated two classification techniques in our prototype and found that they are similarly effective.
Conference Paper
Modern smartphones are equipped with a plethora of sensors that enable a wide range of interactions, but some of these sensors can be employed as a side channel to surreptitiously learn about user input. In this paper, we show that the accelerometer sensor can also be employed as a high-bandwidth side channel; particularly, we demonstrate how to use the accelerometer sensor to learn user tap- and gesture-based input as required to unlock smartphones using a PIN/password or Android's graphical password pattern. Using data collected from a diverse group of 24 users in controlled (while sitting) and uncontrolled (while walking) settings, we develop sample rate independent features for accelerometer readings based on signal processing and polynomial fitting techniques. In controlled settings, our prediction model can on average classify the PIN entered 43% of the time and pattern 73% of the time within 5 attempts when selecting from a test set of 50 PINs and 50 patterns. In uncontrolled settings, while users are walking, our model can still classify 20% of the PINs and 40% of the patterns within 5 attempts. We additionally explore the possibility of constructing an accelerometer-reading-to-input dictionary and find that such dictionaries would be greatly challenged by movement-noise and cross-user training.
Conference Paper
Application platforms provide applications with access to hardware (e.g., GPS and cameras) and personal data. Modern platforms use permission systems to protect access to these resources. The nature of these permission systems varies widely across platforms. Some platforms obtain user consent as part of installation, while others display runtime consent dialogs. We propose a set of guidelines to aid platform designers in determining the most appropriate permission-granting mechanism for a given permission. We apply our proposal to a smartphone platform. A preliminary evaluation indicates that our model will reduce the number of warnings presented to users, thereby reducing habituation effects.
Conference Paper
Today's smartphones provide services and uses that required a panoply of dedicated devices not so long ago. With them, we listen to music, play games or chat with our friends; but we also read our corporate email and documents, manage our online banking; and we have started to use them directly as a means of payment. In this paper, we aim to raise awareness of side-channel attacks even when strong isolation protects sensitive applications. Previous works have studied the use of the phone accelerometer and gyroscope as side channel data to infer PINs. Here, we describe a new side-channel attack that makes use of the video camera and microphone to infer PINs entered on a number-only soft keyboard on a smartphone. The microphone is used to detect touch events, while the camera is used to estimate the smartphone's orientation, and correlate it to the position of the digit tapped by the user. We present the design, implementation and early evaluation of PIN Skimmer, which has a mobile application and a server component. The mobile application collects touch-event orientation patterns and later uses learnt patterns to infer PINs entered in a sensitive application. When selecting from a test set of 50 4-digit PINs, PIN Skimmer correctly infers more than 30% of PINs after 2 attempts, and more than 50% of PINs after 5 attempts on Android-powered Nexus S and Galaxy S3 phones. When selecting from a set of 200 8-digit PINs, PIN Skimmer correctly infers about 45% of the PINs after 5 attempts and 60% after 10 attempts. It turns out to be difficult to prevent such side-channel attacks, so we provide guidelines for developers to mitigate present and future side-channel attacks on PIN input.
Conference Paper
Each time a user installs an application on their Android phone they are presented with a full screen of information describing what access they will be granting that application. This information is intended to help them make two choices: whether or not they trust that the application will not damage the security of their device and whether or not they are willing to share their information with the application, developer, and partners in question. We performed a series of semi-structured interviews in two cities to determine whether people read and understand these permissions screens, and to better understand how people perceive the implications of these decisions. We find that the permissions displays are generally viewed and read, but not understood by Android users. Alarmingly, we find that people are unaware of the security risks associated with mobile apps and believe that app marketplaces test and reject applications. In sum, users are not currently well prepared to make informed privacy and security decisions around installing applications.
Article
This paper shows that the location of screen taps on modern smartphones and tablets can be identified from accelerometer and gyroscope readings. Our findings have serious implications, as we demonstrate that an attacker can launch a background process on commodity smartphones and tablets, and silently monitor the user's inputs, such as keyboard presses and icon taps. While precise tap detection is nontrivial, requiring machine learning algorithms to identify fingerprints of closely spaced keys, sensitive sensors on modern devices aid the process. We present TapPrints, a framework for inferring the location of taps on mobile device touch-screens using motion sensor data combined with machine learning analysis. By running tests on two different off-the-shelf smartphones and a tablet computer we show that identifying tap locations on the screen and inferring English letters could be done with up to 90% and 80% accuracy, respectively. By optimizing the core tap detection capability with additional information, such as contextual priors, we are able to further magnify the core threat.
Article
Today's smartphones are shipped with various embedded motion sensors, such as the accelerometer, gyroscope, and orientation sensors. These motion sensors are useful in supporting the mobile UI innovation and motion-based commands. However, they also bring potential risks of leaking user's private information as they allow third party applications to monitor the motion changes of smartphones. In this paper, we study the feasibility of inferring a user's tap inputs to a smartphone with its integrated motion sensors. Specifically, we utilize an installed trojan application to stealthily monitor the movement and gesture changes of a smartphone using its on-board motion sensors. When the user is interacting with the trojan application, it learns the motion change patterns of tap events. Later, when the user is performing sensitive inputs, such as entering passwords on the touchscreen, the trojan application applies the learnt pattern to infer the occurrence of tap events on the touchscreen as well as the tapped positions on the touchscreen. For demonstration, we present the design and implementation of TapLogger, a trojan application for the Android platform, which stealthily logs the password of screen lock and the numbers entered during a phone call (e.g., credit card and PIN numbers). Statistical results are presented to show the feasibility of such inferences and attacks.
Conference Paper
Keypads are commonly used to enter personal identification numbers (PIN) which are intended to authenticate a user based on what they know. A number of those keypads such as ATM inputs and door keypads provide an audio feedback to the user for each button pressed. Such audio feedback is observable from a modest distance. We are looking at quantifying the information leaking from delays between acoustic feedback pulses. Preliminary experiments suggest that by using a Hidden Markov Model, it might be possible to substantially narrow the search space. A subsequent brute force search on the reduced search space could be possible without triggering alerts, lockouts or other mechanisms designed to thwart plain brute force attempts.
Conference Paper
Mobile phones are increasingly equipped with a range of highly responsive sensors. From cameras and GPS receivers to three-axis accelerometers, applications running on these devices are able to experience rich interactions with their environment. Unfortunately, some applications may be able to use such sensors to monitor their surroundings in unintended ways. In this paper, we demonstrate that an application with access to accelerometer readings on a modern mobile phone can use such information to recover text entered on a nearby keyboard. Note that unlike previous emanation recovery papers, the accelerometers on such devices sample at near the Nyquist rate, making previous techniques unworkable. Our application instead detects and decodes keystrokes by measuring the relative physical position and distance between each vibration. We then match abstracted words against candidate dictionaries and record word recovery rates as high as 80%. In so doing, we demonstrate the potential to recover significant information from the vicinity of a mobile device without gaining access to resources generally considered to be the most likely sources of leakage (e.g., microphone, camera).
Conference Paper
Modern mobile phones possess three types of capabilities: computing, communication, and sensing. While these capabilities enable a variety of novel applications, they also raise serious privacy concerns. We explore the vulnerability where attackers snoop on users by sniffing on their mobile phone sensors, such as the microphone, camera, and GPS receiver. We show that current mobile phone platforms inadequately protect their users from this threat. To provide better privacy for mobile phone users, we analyze desirable uses of these sensors and discuss the properties of good privacy protection solutions. Then, we propose a general framework for such solutions and discuss various possible approaches to implement the framework's components.
Conference Paper
Reflecting objects such as tea pots and glasses, but also diffusely reflecting objects such as a user's shirt, can be used to spy on confidential data displayed on a monitor. First, we show how reflections in the user's eye can be exploited for spying on confidential data. Second, we investigate to what extent monitor images can be reconstructed from the diffuse reflections on a wall or the user's clothes, and provide information-theoretic bounds limiting this type of attack. Third, we evaluate the effectiveness of several countermeasures. This substantially improves previous work (Backes et al., IEEE Symposium on Security & Privacy, 2008).
Conference Paper
We present a novel eavesdropping technique for spying at a distance on data that is displayed on an arbitrary computer screen, including the currently prevalent LCD monitors. Our technique exploits reflections of the screen's optical emanations in various objects that one commonly finds in close proximity to the screen and uses those reflections to recover the original screen content. Such objects include eyeglasses, tea pots, spoons, plastic bottles, and even the eye of the user. We have demonstrated that this attack can be successfully mounted to spy on even small fonts using inexpensive, off-the-shelf equipment (less than 1500 dollars) from a distance of up to 10 meters. Relying on more expensive equipment allowed us to conduct this attack from over 30 meters away, demonstrating that similar attacks are feasible from the other side of the street or from a close-by building. We additionally establish theoretical limitations of the attack; these limitations may help to estimate the risk that this attack can be successfully mounted in a given environment.
Conference Paper
We show that PC keyboards, notebook keyboards, telephone and ATM pads are vulnerable to attacks based on differentiating the sound emanated by different keys. Our attack employs a neural network to recognize the key being pressed. We also investigate why different keys produce different sounds and provide hints for the design of homophonic keyboards that would be resistant to this type of attack.
Article
SSH is designed to provide a secure channel between two hosts. Despite the encryption and authentication mechanisms it uses, SSH has two weaknesses: First, the transmitted packets are padded only to an eight-byte boundary (if a block cipher is in use), which reveals the approximate size of the original data. Second, in interactive mode, every individual keystroke that a user types is sent to the remote machine in a separate IP packet immediately after the key is pressed, which leaks the interkeystroke timing information of users' typing. In this paper, we show how these seemingly minor weaknesses result in serious security risks.
Conference Paper
By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosystems, and other applications where attackers can make reasonably accurate timing measurements. Techniques for preventing the attack for RSA and Diffie-Hellman are presented. Some cryptosystems will need to be revised to protect against the attack, and new protocols and algorithms may need to incorporate measures to prevent timing attacks.