Visible to the public Smartwatch-Based Keystroke Inference Attacks and Context-Aware Protection Mechanisms

TitleSmartwatch-Based Keystroke Inference Attacks and Context-Aware Protection Mechanisms
Publication TypeConference Paper
Year of Publication2016
AuthorsMaiti, Anindya, Armbruster, Oscar, Jadliwala, Murtuza, He, Jibo
Conference NameProceedings of the 11th ACM on Asia Conference on Computer and Communications Security
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4233-9
KeywordsHuman Behavior, keystroke, keystroke analysis, privacy, pubcrawl, Resiliency, Scalability, sensor, smartwatch, wearable, wearables security
Abstract

Wearable devices, such as smartwatches, are furnished with state-of-the-art sensors that enable a range of context-aware applications. However, malicious applications can misuse these sensors, if access is left unaudited. In this paper, we demonstrate how applications that have access to motion or inertial sensor data on a modern smartwatch can recover text typed on an external QWERTY keyboard. Due to the distinct nature of the perceptible motion sensor data, earlier research efforts on emanation based keystroke inference attacks are not readily applicable in this scenario. The proposed novel attack framework characterizes wrist movements (captured by the inertial sensors of the smartwatch worn on the wrist) observed during typing, based on the relative physical position of keys and the direction of transition between pairs of keys. Eavesdropped keystroke characteristics are then matched to candidate words in a dictionary. Multiple evaluations show that our keystroke inference framework has an alarmingly high classification accuracy and word recovery rate. With the information recovered from the wrist movements perceptible by a smartwatch, we exemplify the risks associated with unaudited access to seemingly innocuous sensors (e.g., accelerometers and gyroscopes) of wearable devices. As part of our efforts towards preventing such side-channel attacks, we also develop and evaluate a novel context-aware protection framework which can be used to automatically disable (or downgrade) access to motion sensors, whenever typing activity is detected.

URLhttp://doi.acm.org/10.1145/2897845.2897905
DOI10.1145/2897845.2897905
Citation Keymaiti_smartwatch-based_2016