The proliferation of smartphones equipped with various sensors has created a large user base, which also includes smartphone-controlled robots. Smartphones with powerful processors are used as software robots that track users’ hour-to-hour activities using on-board motion sensors. The magnetometer, accelerometer, and gyroscope are non-permission-based motion sensors. The logs of these sensors form discriminative patterns that identify users’ movements. This allows an adversary to pose privacy threats using these non-permission-based sensors without user consent. Recent works have also highlighted the privacy threats posed by motion sensors in smartphones. In this paper, we therefore present a potential misuse of this technology in which smartphones can be compromised by a PIN-inference attack, endangering mobile security. Once the smartphone is compromised, various repercussions may follow. We discuss one such case in which, after the PIN is inferred, the adversary misuses our robot built for corridor detection. With this example, we show the severity of the PIN-inference attack, since many user activities are nowadays governed by robots. We perform experiments to collect motion-sensor data and infer the 4-digit PIN of a smartphone. Our strategy is to detect, one by one, each key press that makes up the 4-digit PIN. Our inference results are promising and demonstrate that an adversary can use sensor data to extract users’ sensitive information from smartphones. Our proposed model infers 84% of the PINs correctly within 40 attempts when tested on 50 PINs. Given real Android devices with different users, we can identify smartphone PINs by training our machine-learning-based model. We also compare our approach with existing state-of-the-art approaches to show the efficacy of our attack model.