Open Sesame! Hacking the Password

  • Hwajeong Seo
  • Zhe Liu
  • Gyuwon Seo
  • Taehwan Park
  • Jongseok Choi
  • Howon KimEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9503)


Wearable technology provides user friendly and customized services with multiple sensor data. However, user’s sensor data is very personal and sensitive information. If malicious user abuses this information, it would cause huge social problems. In this paper, we present a novel hacking method to identify the user’s password from wearable devices. We gathered three axis acceleration information from user’s wearable devices and estimated the user’s activity. After then we conducted post-processing to eliminate the impossible cases. This approach reduces the password complexity by 99.99 %.


Wearable devices Acceleration data Password Hacking 


  1. 1.
    Your ID number is not a password, November 2010.
  2. 2.
    Aviv, A.J., Sapp, B., Blaze, M., Smith, J.M.: Practicality of accelerometer side channels on smartphones. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 41–50. ACM (2012)Google Scholar
  3. 3.
    Chang, A.: Your door is about to get clever 5 smart locks compared, March 2013.
  4. 4.
    Chowdhury, T., Aarabi, P., Zhou, W., Zhonglin, Y., Zou, K.: Extended touch mobile user interfaces through sensor fusion. In: 16th International Conference on Information Fusion (FUSION), pp. 623–629. IEEE (2013)Google Scholar
  5. 5.
    Heater, B.: Goji’s Smart Lock snaps pictures welcomes you by name, July 2013.
  6. 6.
    Hoanca, B., Mock, K.J.: Screen oriented technique for reducing the incidence of shoulder surfing. In: Security and Management, pp. 334–340 (2005)Google Scholar
  7. 7.
    Kim, I.: Keypad against brute force attacks on smartphones. IET Inf. Secur. 6(2), 71–76 (2012)CrossRefGoogle Scholar
  8. 8.
    Lee, C.: System and method for secure data entry. US Patent App. 13/093,141, 25 April 2011Google Scholar
  9. 9.
    Marquardt, P., Verma, A., Carter, H., Traynor, P.: (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 551–562. ACM (2011)Google Scholar
  10. 10.
    McIntyre, K.E., Sheets, J.F., Gougeon, D.A.J., Watson, C.W., Morlang, K.P., Faoro, D.: Method for secure pin entry on touch screen display. US Patent 6,549,194, 15 April 2003Google Scholar
  11. 11.
    Michalevsky, Y., Boneh, D., Nakibly, G.: Gyrophone: Recognizing speech from gyroscope signals. In: Proceeding 23rd USENIX Security Symposium (SEC 2014). USENIX Association (2014)Google Scholar
  12. 12.
    Narain, S., Sanatinia, A., Noubir, G.: Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning. In: Proceedings of the ACM Conference on Security and Privacy in Wireless & Mobile Networks, pp. 201–212. ACM (2014)Google Scholar
  13. 13.
    Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: Accessory: password inference using accelerometers on smartphones. In: Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, p. 9. ACM (2012)Google Scholar
  14. 14.
    Shin, H.-S.: Device and method for inputting password using random keypad. US Patent 7,698,563, 13 April 2010Google Scholar
  15. 15.
    Simon, L., Anderson, R.: Pin skimmer: Inferring pins through the camera and microphone. In: Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pp. 67–78. ACM (2013)Google Scholar
  16. 16.
    Spreitzer, R.: Pin skimming: exploiting the ambient-light sensor in mobile devices. In: Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pp. 51–62. ACM (2014)Google Scholar
  17. 17.
    Xu, Z., Bai, K., Zhu, S.: Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In: Proceedings of the fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 113–124. ACM (2012)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Hwajeong Seo
    • 1
  • Zhe Liu
    • 2
  • Gyuwon Seo
    • 1
  • Taehwan Park
    • 1
  • Jongseok Choi
    • 1
  • Howon Kim
    • 1
    Email author
  1. 1.School of Computer Science and EngineeringPusan National UniversityBusanRepublic of Korea
  2. 2.Laboratory of Algorithmics, Cryptology and Security (LACS)University of LuxembourgLuxembourg-kirchbergLuxembourg

Personalised recommendations