Team for Research in
Ubiquitous Secure Technology

ACCessory: Password Inference using Accelerometers on Smartphones
Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig

Citation
Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig. "ACCessory: Password Inference using Accelerometers on Smartphones". To appear in Proceedings of The Thirteenth Workshop on Mobile Computing Systems and Applications (HotMobile), ACM, February, 2012; Final submitted version.

Abstract
We show that accelerometer readings are a powerful side channel that can be used to extract entire sequences of entered text on a smartphone touchscreen keyboard. This possibility is a concern for two main reasons. First, unauthorized access to one’s keystrokes is a serious invasion of privacy as consumers increasingly use smartphones for sensitive transactions. Second, unlike many other sensors found on smartphones, the accelerometer does not require special privileges to access on current smartphone OSes. We show that accelerometer measurements can be used to extract 6-character passwords in as few as 4.5 trials (median).

Electronic downloads

Citation formats  
  • HTML
    Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig. <a
    href="http://www.truststc.org/pubs/844.html"
    >ACCessory: Password Inference using Accelerometers on
    Smartphones</a>, To appear in Proceedings of The
    Thirteenth Workshop on Mobile Computing Systems and
    Applications (HotMobile), ACM, February, 2012; Final
    submitted version.
  • Plain text
    Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig.
    "ACCessory: Password Inference using Accelerometers on
    Smartphones". To appear in Proceedings of The
    Thirteenth Workshop on Mobile Computing Systems and
    Applications (HotMobile), ACM, February, 2012; Final
    submitted version.
  • BibTeX
    @inproceedings{OwusuHanDasPerrig12_ACCessoryPasswordInferenceUsingAccelerometersOnSmartphones,
        author = {Emmanuel Owusu and Jun Han and Sauvik Das and
                  Adrian Perrig},
        title = {ACCessory: Password Inference using Accelerometers
                  on Smartphones},
        booktitle = {To appear in Proceedings of The Thirteenth
                  Workshop on Mobile Computing Systems and
                  Applications (HotMobile)},
        organization = {ACM},
        month = {February},
        year = {2012},
        note = {Final submitted version.},
        abstract = {We show that accelerometer readings are a powerful
                  side channel that can be used to extract entire
                  sequences of entered text on a smartphone
                  touchscreen keyboard. This possibility is a
                  concern for two main reasons. First, unauthorized
                  access to oneâs keystrokes is a serious invasion
                  of privacy as consumers increasingly use
                  smartphones for sensitive transactions. Second,
                  unlike many other sensors found on smartphones,
                  the accelerometer does not require special
                  privileges to access on current smartphone OSes.
                  We show that accelerometer measurements can be
                  used to extract 6-character passwords in as few as
                  4.5 trials (median). },
        URL = {http://www.truststc.org/pubs/844.html}
    }
    

Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.