A side-channel attack on smartphones: Deciphering key taps using built-in microphones

Haritabh Gupta; Shamik Sural; Vijayalakshmi Atluri; Jaideep Vaidya

doi:10.3233/JCS-17975

A side-channel attack on smartphones: Deciphering key taps using built-in microphones

Haritabh Gupta, Shamik Sural, Vijayalakshmi Atluri, Jaideep Vaidya

Rutgers Business School, Management & Information Systems

Research output: Contribution to journal › Article › peer-review

6 Scopus citations

Abstract

In recent years, concerns are increasingly being expressed about the threats of side-channel attacks that exploit acoustic emanations from electronic as well as mechanical devices of daily use. With the increased level of sophistication in both hardware and applications that run on mobile phones, the number of possible ways in which their vulnerabilities can be exploited is also on the rise. In this article, we demonstrate a novel attack which uses the sound emanating from a tap made on the touchscreen of a smartphone to decipher the text being typed. The audio signal captured by the pair of microphones typically embedded in a smartphone is first processed to determine a candidate set of keys. Filters are employed to make this step robust against ambient noise. Natural language processing techniques are then used to estimate the most probable words and sentences that can be constructed from a sequence of taps. It is shown that using even off-the-shelf tools, the typed text including passwords can be guessed with reasonably high accuracy. Besides raising awareness about this potential side-channel attack, we identify the causes that allow it to succeed and suggest countermeasures.

Original language	English (US)
Pages (from-to)	255-281
Number of pages	27
Journal	Journal of Computer Security
Volume	26
Issue number	2
DOIs	https://doi.org/10.3233/JCS-17975
State	Published - 2018

All Science Journal Classification (ASJC) codes

Software
Safety, Risk, Reliability and Quality
Hardware and Architecture
Computer Networks and Communications

Keywords

Side-channel attack
key tap
natural language processing
noise filtering
smartphone

Access to Document

10.3233/JCS-17975

Cite this

@article{2c6b5c9ac81f43419aff5f9fa7a56267,

title = "A side-channel attack on smartphones: Deciphering key taps using built-in microphones",

abstract = "In recent years, concerns are increasingly being expressed about the threats of side-channel attacks that exploit acoustic emanations from electronic as well as mechanical devices of daily use. With the increased level of sophistication in both hardware and applications that run on mobile phones, the number of possible ways in which their vulnerabilities can be exploited is also on the rise. In this article, we demonstrate a novel attack which uses the sound emanating from a tap made on the touchscreen of a smartphone to decipher the text being typed. The audio signal captured by the pair of microphones typically embedded in a smartphone is first processed to determine a candidate set of keys. Filters are employed to make this step robust against ambient noise. Natural language processing techniques are then used to estimate the most probable words and sentences that can be constructed from a sequence of taps. It is shown that using even off-the-shelf tools, the typed text including passwords can be guessed with reasonably high accuracy. Besides raising awareness about this potential side-channel attack, we identify the causes that allow it to succeed and suggest countermeasures.",

keywords = "Side-channel attack, key tap, natural language processing, noise filtering, smartphone",

author = "Haritabh Gupta and Shamik Sural and Vijayalakshmi Atluri and Jaideep Vaidya",

note = "Funding Information: Research reported in this publication was supported by the National Science Foundation under awards CNS-1564034 and CNS-1624503. The content is solely the responsibility of the authors and does not necessarily represent the official views of the agencies funding the research. Publisher Copyright: {\textcopyright} 2018-IOS Press and the authors. All rights reserved.",

year = "2018",

doi = "10.3233/JCS-17975",

language = "English (US)",

volume = "26",

pages = "255--281",

journal = "Journal of Computer Security",

issn = "0926-227X",

publisher = "IOS Press",

number = "2",

}

TY - JOUR

T1 - A side-channel attack on smartphones

T2 - Deciphering key taps using built-in microphones

AU - Gupta, Haritabh

AU - Sural, Shamik

AU - Atluri, Vijayalakshmi

AU - Vaidya, Jaideep

N1 - Funding Information: Research reported in this publication was supported by the National Science Foundation under awards CNS-1564034 and CNS-1624503. The content is solely the responsibility of the authors and does not necessarily represent the official views of the agencies funding the research. Publisher Copyright: © 2018-IOS Press and the authors. All rights reserved.

PY - 2018

Y1 - 2018

N2 - In recent years, concerns are increasingly being expressed about the threats of side-channel attacks that exploit acoustic emanations from electronic as well as mechanical devices of daily use. With the increased level of sophistication in both hardware and applications that run on mobile phones, the number of possible ways in which their vulnerabilities can be exploited is also on the rise. In this article, we demonstrate a novel attack which uses the sound emanating from a tap made on the touchscreen of a smartphone to decipher the text being typed. The audio signal captured by the pair of microphones typically embedded in a smartphone is first processed to determine a candidate set of keys. Filters are employed to make this step robust against ambient noise. Natural language processing techniques are then used to estimate the most probable words and sentences that can be constructed from a sequence of taps. It is shown that using even off-the-shelf tools, the typed text including passwords can be guessed with reasonably high accuracy. Besides raising awareness about this potential side-channel attack, we identify the causes that allow it to succeed and suggest countermeasures.

AB - In recent years, concerns are increasingly being expressed about the threats of side-channel attacks that exploit acoustic emanations from electronic as well as mechanical devices of daily use. With the increased level of sophistication in both hardware and applications that run on mobile phones, the number of possible ways in which their vulnerabilities can be exploited is also on the rise. In this article, we demonstrate a novel attack which uses the sound emanating from a tap made on the touchscreen of a smartphone to decipher the text being typed. The audio signal captured by the pair of microphones typically embedded in a smartphone is first processed to determine a candidate set of keys. Filters are employed to make this step robust against ambient noise. Natural language processing techniques are then used to estimate the most probable words and sentences that can be constructed from a sequence of taps. It is shown that using even off-the-shelf tools, the typed text including passwords can be guessed with reasonably high accuracy. Besides raising awareness about this potential side-channel attack, we identify the causes that allow it to succeed and suggest countermeasures.

KW - Side-channel attack

KW - key tap

KW - natural language processing

KW - noise filtering

KW - smartphone

UR - http://www.scopus.com/inward/record.url?scp=85040358287&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85040358287&partnerID=8YFLogxK

U2 - 10.3233/JCS-17975

DO - 10.3233/JCS-17975

M3 - Article

AN - SCOPUS:85040358287

SN - 0926-227X

VL - 26

SP - 255

EP - 281

JO - Journal of Computer Security

JF - Journal of Computer Security

IS - 2

ER -

A side-channel attack on smartphones: Deciphering key taps using built-in microphones

Abstract

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this