Abstract
A wealth of sensors on smartphone has greatly enriched people’s life, but these sensors also brought potential security problems since they allow third-party applications to monitor the motion changes of smartphones. This paper presents an empirical study of analyzing the characteristics of accelerometer and magnetometer data collected from third-party applications to infer user inputs on smartphone. Specifically, an installed application was run as a background process to monitor the data of motion sensors. Accelerometer data was analyzed to detect the occurrence of touch tap actions. Then the accelerometer data and magnetometer data were combined together to build a model for inferring the tap position on touchscreen. Along with common layouts of keyboard or number pad, one can easily obtain users’ inputs. Results indicated that users’ inputs could be accurately inferred from the data of motion sensors, with the accuracies of 100% and 80% for tap-action detection and input inference in some cases. We conclude that readings from motion sensor are a powerful side channel for inferring user inputs, and could provide extra avenues for attackers.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
