Simple Defences against Vibration-Based Keystroke Fingerprinting Attacks
- 610 Downloads
Smartphones are increasingly equipped with sensitive accelerometers that can analyse acoustic vibrations on a physical surface. This allows them to gain a covert understanding of the surrounding environment by combining accelerometer sampling with sophisticated signal processing techniques. In this work, we analyse keyboard-sniffing attacks based on acoustic (vibration) covert channels, launched from a malicious application installed on a smartphone. An important requirement of such attacks is access to reliable acoustic signals that can be distinguished from the noise floor by applying appropriate signal processing techniques. Our analysis indicates that state-of-the-art attack techniques are fragile; injecting randomised noise (jamming) via the vibration medium into the accelerometer, reduces the efficiency of the attack from 80% to random guessing. We conclude that our work presents an important step towards disabling the covert channel and ensuring full security.
KeywordsVibration Signal Machine Learning Technique Acoustic Vibration Covert Channel Accelerometer Sensor
Unable to display preview. Download preview PDF.
- 1.Marquardt, P., Verma, A., Carter, H., Traynor, P. (sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers. In: Proceedings of ACM Conference on Computer and Communications Security, CCS (2011)Google Scholar
- 2.Berger, Y., Wool, A., Yeredor, A.: Dictionary Attacks Using Keyboard Acoustic Emanations. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS (2006)Google Scholar
- 3.Cai, L., Machiraju, S., Chen, H.: Defending Against Sensor-Sniffing Attacks on Mobile Phones. In: Proceedings of ACM SIGCOMM Workshop on Networking, Systems, Applications on Mobile Handhelds, MobiHeld (2009)Google Scholar
- 4.Mobile that allows bosses to snoop on staff developed BBC NEWS- Technology. Web (July 27, 2010), http://news.bbc.co.uk/2/hi/technology/8559683.stm/
- 5.Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: ACCessory: Password Inference using Accelerometers on Smartphones. In: HotMobile 2012 - The 13th International Workshop on Mobile Computing Systems and Applications (2012)Google Scholar
- 6.Asonov, D., Agrawal, R.: Keyboard Acoustic Emanations. In: Proceedings of the IEEE Symposium on Security and Privacy (2004)Google Scholar
- 7.I.S. on Subjective Measurements. IEEE recommended practices for speech quality measurements. IEEE Transactions on Audio and Electroacoustics 17, 227–246 (1969)Google Scholar
- 8.Nagaraja, S., Anderson, R.: The snooping dragon: social-malware surveillance of the Tibetan movement. In: technical report UCAM-CL-TR-746, University of Cambridge (2009)Google Scholar
- 9.Schlegel, R., Zhang, K., Zhou, X., Mehool, I., Kapadia, A., Wang, X.: Soundcomber: A stealthy and context-aware sound trojan for smartphones. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium, NDSS 2011 (2011)Google Scholar