Team for Research in
Ubiquitous Secure Technology

Citation
Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig. "ACCessory: Password Inference using Accelerometers on Smartphones". To appear in Proceedings of The Thirteenth Workshop on Mobile Computing Systems and Applications (HotMobile), ACM, February, 2012; Final submitted version.

Abstract
We show that accelerometer readings are a powerful side channel that can be used to extract entire sequences of entered text on a smartphone touchscreen keyboard. This possibility is a concern for two main reasons. First, unauthorized access to one’s keystrokes is a serious invasion of privacy as consumers increasingly use smartphones for sensitive transactions. Second, unlike many other sensors found on smartphones, the accelerometer does not require special privileges to access on current smartphone OSes. We show that accelerometer measurements can be used to extract 6-character passwords in as few as 4.5 trials (median).

Electronic downloads

• HotMobile12-final42-1.pdf · application/pdf · 363 kbytes

• HTML

  Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig. <a
  href="http://www.truststc.org/pubs/844.html"
  >ACCessory: Password Inference using Accelerometers on
  Smartphones</a>, To appear in Proceedings of The
  Thirteenth Workshop on Mobile Computing Systems and
  Applications (HotMobile), ACM, February, 2012; Final
  submitted version.

• Plain text

  Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig.
  "ACCessory: Password Inference using Accelerometers on
  Smartphones". To appear in Proceedings of The
  Thirteenth Workshop on Mobile Computing Systems and
  Applications (HotMobile), ACM, February, 2012; Final
  submitted version.

• BibTeX

  @inproceedings{OwusuHanDasPerrig12_ACCessoryPasswordInferenceUsingAccelerometersOnSmartphones,
      author = {Emmanuel Owusu and Jun Han and Sauvik Das and
                Adrian Perrig},
      title = {ACCessory: Password Inference using Accelerometers
                on Smartphones},
      booktitle = {To appear in Proceedings of The Thirteenth
                Workshop on Mobile Computing Systems and
                Applications (HotMobile)},
      organization = {ACM},
      month = {February},
      year = {2012},
      note = {Final submitted version.},
      abstract = {We show that accelerometer readings are a powerful
                side channel that can be used to extract entire
                sequences of entered text on a smartphone
                touchscreen keyboard. This possibility is a
                concern for two main reasons. First, unauthorized
                access to one’s keystrokes is a serious invasion
                of privacy as consumers increasingly use
                smartphones for sensitive transactions. Second,
                unlike many other sensors found on smartphones,
                the accelerometer does not require special
                privileges to access on current smartphone OSes.
                We show that accelerometer measurements can be
                used to extract 6-character passwords in as few as
                4.5 trials (median). },
      URL = {http://www.truststc.org/pubs/844.html}
  }
  

Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.