Abstract
Motion sensors are integrated into all mobile devices, providing information useful for several purposes. However, these sensor data can be read by any application and by websites accessed through a browser, without requiring security permissions. In this paper, we show that information about smartphone movements can lead to the identification of a Personal Identification Number (PIN) tapped by the user. To reduce the amount of sniffed data, we use an event-driven approach, where motion sensors are sampled only when a key is pressed. The acquired data are used to train a machine learning algorithm for the classification of the keystrokes in a supervised manner. We also consider that users insert the same PIN each time authentication is required, leading to further side-channel information available to the attacker. Numerical results show the feasibility of cyber-attacks based on motion sensors. For example, 4-digit PINs are correctly recognized at the first attempt with an accuracy of 37%, and in five attempts with an accuracy of 63%.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.