Abstract
Smartphones and tablets are becoming ubiquitous within our connected lives and as a result these devices are increasingly being used for more and more sensitive applications, such as banking. The security of the information within these sensitive applications is managed through a variety of different processes, all of which minimise the exposure of this sensitive information to other potentially malicious applications. This paper documents experiments with the ‘zero-permission’ motion sensors on the device as a side-channel for inferring the text typed into a sensitive application. These sensors are freely accessible without the phone user having to give permission. The research was able to, on average, identify nearly 30 percent of typed bigrams from unseen words, using a very small volume of training data, which was less than the size of a tweet. Given the natural redundancy in language this performance is often enough to understand the phrase being typed. We found that large devices were typically more vulnerable, as were users who held the device in one hand whilst typing with fingers. Of those bigrams which were not correctly identified over 60 percent of the errors involved the space bar and nearly half of the errors are within two keys on the keyboard.
Highlights
THE use of mobile devices, whether smartphones or tablets, has become ubiquitous with our hyper-connected lives [1]
Digital connectivity is becoming increasingly intertwined with our daily lives and as a result the tasks that are performed on smartphones and tablets have become more personal and we have become inseparable from our smartphones [8], 40 percent of smartphone users describe them as ‘something they could not live without’ [9]
We focus on how the phone moves in order to infer information from one sensitive application
Summary
THE use of mobile devices, whether smartphones or tablets, has become ubiquitous with our hyper-connected lives [1]. These smartphones have become increasingly personal and how we trust others and share these phones has become increasingly complicated [2] As these devices hold such sensitive information it is more important than ever to be able to secure them and much research has been performed on the permissions model governing them (e.g., [3], [4], [5], [6]). Security decision in order to allow an application to access potentially sensitive information (such as the address book) or capability (such as location sensors) This complicated model has been shown to be difficult for most users to manage. Researchers have identified eleven such applications which have each been installed over 5 million times [11]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
