Abstract
Due to the advancement in technologies and excessive usability of smartphones in various domains (e.g., mobile banking), smartphones became more prone to malicious attacks.Typing on the soft keyboard of a smartphone produces different vibrations, which can be abused to recognize the keys being pressed, hence, facilitating side-channel attacks. In this work, we develop and evaluate AlphaLogger- an Android-based application that infers the alphabet keys being typed on a soft keyboard. AlphaLogger runs in the background and collects data at a frequency of 10Hz/sec from the smartphone hardware sensors (accelerometer, gyroscope and magnetometer) to accurately infer the keystrokes being typed on the soft keyboard of all other applications running in the foreground. We show a performance analysis of the different combinations of sensors. A thorough evaluation demonstrates that keystrokes can be inferred with an accuracy of 90.2% using accelerometer, gyroscope, and magnetometer.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Ali R, Pal AK, Kumari S, Sangaiah AK, Li X, Wu F (2018) An enhanced three factor based authentication protocol using wireless medical sensor networks for healthcare monitoring. J Ambient Intell Human Comput, pp 1–22
Altman NS (1992) An introduction to kernel and nearest-neighbor nonparametric regression. Am Stat 46(3):175–185
Aviv AJ, Sapp B, Blaze M, Smith JM (2012) Practicality of accelerometer side channels on smartphones. In: Proceedings of the 28th annual computer security applications conference, New York, pp 41–50
Cai L, Chen H (2011) Touchlogger: Inferring keystrokes on touch screen from smartphone motion. In: Proceedings of the 6th USENIX conference on Hot topics in security, p 9
Cai L, Machiraju S, Chen H (2009) Defending against sensor-sniffing attacks on mobile phones. In: Proceedings of the 1st ACM workshop on networking, systems, and applications for mobile handhelds, Barcelona, pp 31–36
Cook DJ (2010) Learning setting-generalized activity models for smart spaces. IEEE Intell Syst 2010(99):1
Deb S, Yang YO, Chua MCH, Tian J (2020) Gait identification using a new time-warped similarity metric based on smartphone inertial signals. J Ambient Intell Hum Comput pp 1–13
Dietterich TG (2000) Ensemble methods in machine learning. In: international workshop on multiple classifier systems, Italy, Springer, pp 1–15
Foo Kune D, Kim Y (2010) Timing attacks on pin input devices. In: proceedings of the 17th ACM conference on computer and communications security, Chicago Illinois USA, pp 678–680
Graczyk M, Lasota T, Trawiński B, Trawiński K (2010) Comparison of bagging, boosting and stacking ensembles applied to real estate appraisal. In: Asian conference on intelligent information and database systems, Yogyakarta Indonesia, Springer, pp 340–350
Hall M, Frank E, Holmes G, Pfahringer B, Reutemann P, Witten IH (2009) The weka data mining software: an update. ACM SIGKDD Explor Newsl 11(1):10–18
Hussain M, Al-Haiqi A, Zaidan A, Zaidan B, Kiah MM, Anuar NB, Abdulnabi M (2016) The rise of keyloggers on smartphones: a survey and insight into motion-based tap inference attacks. Pervasive Mobile Comput 25:1–25
Krause A, Ihmig M, Rankin E, Leong D, Gupta S, Siewiorek D, Smailagic A, Deisher M, Sengupta U (2005) Trading off prediction accuracy and power consumption for context-aware wearable computing. In: Ninth IEEE international symposium on wearable computers (ISWC’05), Osaka, IEEE, pp 20–26
Kucukyilmaz T, Cambazoglu BB, Aykanat C, Can F (2008) Chat mining: predicting user and message attributes in computer-mediated communication. Inf Process Manag 44(4):1448–1466
Kuppusamy K (2019) PassContext and PassActions: transforming authentication into multi-dimensional contextual and interaction sequences. J Ambient Intell Human Comput, pp 1–28
Kwapisz JR, Weiss GM, Moore SA (2011) Activity recognition using cell phone accelerometers. ACM SigKDD Explor Newsl 12(2):74–82
Lanette S, Mazmanian M (2018) The smartphone” addiction” narrative is compelling, but largely unfounded. In: extended abstracts of the 2018 CHI conference on human factors in computing systems, Montreal, Canada, pp 1–6
Owusu E, Han J, Das S, Perrig A, Zhang J (2012) ACCessory: password inference using accelerometers on smartphones. In: Proceedings of the twelfth workshop on mobile computing systems and applications, San Diego California, pp 1–6
Ping D, Sun X, Mao B (2015) Textlogger: inferring longer inputs on touch screen using motion sensors. In: proceedings of the 8th ACM conference on security and privacy in wireless and mobile networks, New York, pp 1–12
Platt J (1998) Sequential minimal optimization: a fast algorithm for training support vector machines
Ruan O, Wang Q, Wang Z (2019) Provably leakage-resilient three-party password-based authenticated key exchange. J Ambient Intell Hum Comput 10(1):163–173
Shumailov I, Simon L, Yan J, Anderson R (2019) Hearing your touch: a new acoustic side channel on smartphones. arXiv Prepr 1903:11137 arXiv:190311137
Song R, Song Y, Gao S, Xiao B, Hu A (2018) I know what you type: Leaking user privacy via novel frequency-based side-channel attacks. In: 2018 IEEE global communications conference (GLOBECOM), Abu Dhabi, IEEE, pp 1–6
Tang G, Pei J, Luk WS (2014) Email mining: tasks, common techniques, and tools. Knowl Inf Syst 41(1):1–31
Tang B, Wang Z, Wang R, Zhao L, Wang L (2018) Niffler: a context-aware and user-independent side-channel. Wirel Commun Mobile Comput 2018:1–19
Voicu RA, Dobre C, Bajenaru L, Ciobanu RI (2019) Human physical activity recognition using smartphone sensors. Sensors 19(3):458
Vuagnoux M, Pasini S (2009) Compromising electromagnetic emanations of wired and wireless keyboards. In: proceedings of the 18th conference on USENIX security symposium, Montreal, pp 1–16
Wang Y, Cai W, Gu T, Shao W (2019) Your eyes reveal your secrets: an eye movement based password inference on smartphone. IEEE transactions on mobile computing pp 1–1
Xu N, Zhang F, Luo Y, Jia W, Xuan D, Teng J (2009) Stealthy video capturer: a new video-based spyware in 3g smartphones. In: proceedings of the second ACM conference on wireless network security, Zurich Switzerland, pp 69–78
Xu Z, Bai K, Zhu S (2012) Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In: proceedings of the fifth ACM conference on security and privacy in wireless and mobile networks, Tucson Arizona USA, pp 113–124
Xu D, Chen J, Liu Q (2019) Provably secure anonymous three-factor authentication scheme for multi-server environments. J Ambient Intell Hum Comput 10(2):611–627
Zhuang L, Zhou F, Tygar JD (2009) Keyboard acoustic emanations revisited. ACM Trans Inf Syst Secur (TISSEC) 13(1):1–26
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Javed, A.R., Beg, M.O., Asim, M. et al. AlphaLogger: detecting motion-based side-channel attack using smartphone keystrokes. J Ambient Intell Human Comput 14, 4869–4882 (2023). https://doi.org/10.1007/s12652-020-01770-0
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-020-01770-0