On the Practicality of Motion Based Keystroke Inference Attack

  • Liang Cai
  • Hao Chen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7344)


Recent researches have shown that motion sensors may be used as a side channel to infer keystrokes on the touchscreen of smartphones. However, the practicality of this attack is unclear. For example, does this attack work on different devices, screen dimensions, keyboard layouts, or keyboard types? Does this attack depend on specific users or is it user independent? To answer these questions, we conducted a user study where 21 participants typed a total of 47,814 keystrokes on four different mobile devices in six settings. Our results show that this attack remains effective even though the accuracy is affected by user habits, device dimension, screen orientation, and keyboard layout. On a number-only keyboard, after the attacker tries 81 4-digit PINs, the probability that she has guessed the correct PIN is 65%, which improves the accuracy rate of random guessing by 81 times. Our study also indicates that inference based on the gyroscope is more accurate than that based on the accelerometer. We evaluated two classification techniques in our prototype and found that they are similarly effective.


Support Vector Machine Mobile Device Motion Data User Study Gesture Recognition 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Asonov, D., Agrawal, R.: Keyboard acoustic emanations. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 3–11 (May 2004)Google Scholar
  3. 3.
    Aylward, R., Lovell, S.D., Paradiso, J.A.: A compact, wireless, wearable sensor network for interactive dance ensembles. In: International Workshop on Wearable and Implantable Body Sensor Networks, BSN 2006, pages 4, p. 70 (April 2006)Google Scholar
  4. 4.
    Cai, L., Chen, H.: Touchlogger: inferring keystrokes on touch screen from smartphone motion. In: Proceedings of the 6th USENIX Conference on Hot Topics in Security, HotSec 2011, p. 9 (2011)Google Scholar
  5. 5.
    Cai, L., Machiraju, S., Chen, H.: Defending against sensor-sniffing attacks on mobile phones. In: Proceedings of the 1st ACM Workshop on Networking, Systems, and Applications for Mobile Handhelds, MobiHeld 2009, pp. 31–36 (2009)Google Scholar
  6. 6.
    Choe, B., Min, J.-K., Cho, S.-B.: Online Gesture Recognition for User Interface on Accelerometer Built-in Mobile Phones. In: Wong, K.W., Mendis, B.S.U., Bouzerdoum, A. (eds.) ICONIP 2010, Part II. LNCS, vol. 6444, pp. 650–657. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  7. 7.
    Chong, M.K., Marsden, G., Gellersen, H.: Gesturepin: using discrete gestures for associating mobile devices. In: Proceedings of the 12th International Conference on Human Computer Interaction with Mobile Devices and Services, MobileHCI 2010, pp. 261–264 (2010)Google Scholar
  8. 8.
    Kune, D.F., Kim, Y.: Timing attacks on pin input devices. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 678–680 (2010)Google Scholar
  9. 9.
    Madzarov, D.G.G., Chorbev, I.: A multiclass svm classifier utilizing binary decision tree. In: Informatica33, pp. 233–241 (2009)Google Scholar
  10. 10.
    Hancke, G.P.: Gesture recognition as ubiquitous input for mobile phones (2008)Google Scholar
  11. 11.
    Lester, J., Hannaford, B., Borriello, G.: “Are You with Me?” - Using Accelerometers to Determine If Two Devices Are Carried by the Same Person. In: Ferscha, A., Mattern, F. (eds.) PERVASIVE 2004. LNCS, vol. 3001, pp. 33–50. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Liu, J., Wang, Z., Zhong, L., Wickramasuriya, J., Vasudevan, V.: uwave: Accelerometer-based personalized gesture recognition and its applications. Pervasive and Mobile Computing 5, 1–9 (2009)zbMATHCrossRefGoogle Scholar
  13. 13.
    Mayrhofer, R., Gellersen, H.-W.: Shake Well Before Use: Authentication Based on Accelerometer Data. In: LaMarca, A., Langheinrich, M., Truong, K.N. (eds.) Pervasive 2007. LNCS, vol. 4480, pp. 144–161. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Min, C.-H., Tewfik, A.H.: Automatic characterization and detection of behavioral patterns using linear predictive coding of accelerometer sensor data. In: Proceedings of the International Conference of IEEE Engineering in Medicine and Biology Society, vol. 2010, pp. 220–223 (2010)Google Scholar
  15. 15.
    Nasiri, S., Sachs, D., Maia, M.: Selection and integration of mems-based motion processing in consumer apps (July 2009),
  16. 16.
    Niu, Y., Chen, H.: Gesture authentication with touch input for mobile devices. In: 3rd International Conference on Security and Privacy in Mobile Information and Communication Systems, MobiSec 2011 (May 2011)Google Scholar
  17. 17.
    Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: Accessory: password inference using accelerometers on smartphones. In: Proceedings of the Twelfth Workshop on Mobile Computing Systems and Applications, HotMobile 2012, pp. 9:1–9:6. ACM, New York (2012)Google Scholar
  18. 18.
    Pham, C., Plötz, T., Olivier, P.: A Dynamic Time Warping Approach to Real-Time Activity Recognition for Food Preparation. In: de Ruyter, B., Wichert, R., Keyson, D.V., Markopoulos, P., Streitz, N., Divitini, M., Georgantas, N., Mana Gomez, A. (eds.) AmI 2010. LNCS, vol. 6439, pp. 21–30. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Popescu, A., Block, S.: DeviceOrientation event specification, editor’s draft 9 (February 2011),
  20. 20.
    Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on ssh. In: Proceedings of the 10th conference on USENIX Security Symposium, vol. 10, p. 25 (2001)Google Scholar
  21. 21.
    Vuagnoux, M., Pasini, S.: Compromising electromagnetic emanations of wired and wireless keyboards. In: Proceedings of the 18th Conference on USENIX Security Symposium, SSYM 2009, pp. 1–16 (2009)Google Scholar
  22. 22.
    Wu, J., Pan, G., Zhang, D., Qi, G., Li, S.: Gesture Recognition with a 3-D Accelerometer. In: Zhang, D., Portmann, M., Tan, A.-H., Indulska, J. (eds.) UIC 2009. LNCS, vol. 5585, pp. 25–38. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  23. 23.
    Xu, N., Zhang, F., Luo, Y., Jia, W., Xuan, D., Teng, J.: Stealthy video capturer: a new video-based spyware in 3G smartphones. In: Proceedings of the Second ACM Conference on Wireless Network Security, WiSec 2009, pp. 69–78 (2009)Google Scholar
  24. 24.
    Zhang, K., Zhou, X., Intwala, M., Kapadia, A., Wang, X.: Soundcomber: A stealthy and context-aware sound trojan for smartphones. In: Proceedings of the 18th Annual Networkand Distributed System Security Symposium, NDSS 2011 (2011)Google Scholar
  25. 25.
    Zhuang, L., Zhou, F., Tygar, J.D.: Keyboard acoustic emanations revisited. ACM Transactions on Information and System Security 13, 3:1–3:26 (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Liang Cai
    • 1
  • Hao Chen
    • 1
  1. 1.University of CaliforniaDavisUSA

Personalised recommendations