research-article

Tapprints: your finger taps have fingerprints

Authors:

Emiliano Miluzzo,

Alexander Varshavsky,

Suhrid Balakrishnan,

Romit Roy ChoudhuryAuthors Info & Claims

MobiSys '12: Proceedings of the 10th international conference on Mobile systems, applications, and services

Pages 323 - 336

https://doi.org/10.1145/2307636.2307666

Published: 25 June 2012 Publication History

Abstract

This paper shows that the location of screen taps on modern smartphones and tablets can be identified from accelerometer and gyroscope readings. Our findings have serious implications, as we demonstrate that an attacker can launch a background process on commodity smartphones and tablets, and silently monitor the user's inputs, such as keyboard presses and icon taps. While precise tap detection is nontrivial, requiring machine learning algorithms to identify fingerprints of closely spaced keys, sensitive sensors on modern devices aid the process. We present TapPrints, a framework for inferring the location of taps on mobile device touch-screens using motion sensor data combined with machine learning analysis. By running tests on two different off-the-shelf smartphones and a tablet computer we show that identifying tap locations on the screen and inferring English letters could be done with up to 90% and 80% accuracy, respectively. By optimizing the core tap detection capability with additional information, such as contextual priors, we are able to further magnify the core threat.

References

[1]

S. Agrawal, I. Constandache, S. Gaonkar, R. Roy Choudhury, K. Caves, and F. DeRuyter. Using Mobile Phones to Write in Air. In Proceedings of the 9th international conference on Mobile systems, applications, and services, pages 15--28. ACM, 2011.

Digital Library

[2]

M. Azizyan, I. Constandache, and R. Roy Choudhury. Surroundsense: Mobile Phone Localization via Ambience Fingerprinting. In Proceedings of the 15th annual international conference on Mobile computing and networking, pages 261--272. ACM, 2009.

Digital Library

[3]

R. Becker, R. Cáceres, K. Hanson, J. Loh, S. Urbanek, A. Varshavsky, and C. Volinsky. A Tale of One City: Using Cellular Network Data for Urban Planning. IEEE Pervasive Computing, Vol. 10, No. 4, October-December 2011, 2011.

Digital Library

[4]

S. Block and A. Popescu. Device Orientation Event Specification. W3C, Draft 12 July 2011.

[5]

L. Breiman. Random Forests. In Machine Learning, volume 45(1), 2001.

Digital Library

[6]

L. Cai and H. Chen. Touchlogger: Inferring Keystrokes on Touch Screen from Smartphone Motion. In Proceedings of the 6th USENIX conference on Hot topics in security (HotSec'11). USENIX Association, Berkeley, CA, USA, pages 9--9, 2011.

Digital Library

[7]

E. Owusu, J. Han, S. Das, A. Perrig and J. Zhang. ACCessory: Password Inference using Accelerometers on Smartphones. In Proceedings of the 13th Workshop on Mobile Computing Systems and Applications (HotMobile'12). San Diego, CA, USA, 20121.

Digital Library

[8]

L. Cai, S. Machiraju, and H. Chen. Defending Against Sensor-Sniffing Attacks on Mobile Phones. In Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds, 2009.

Digital Library

[9]

R. Caruana, A. Niculescu-Mizil, G. Crew, and A. Ksikes. Ensemble Selection from Libraries of Models. In Proceedings of the twenty-first international conference on Machine learning, ICML '04, pages 18--, New York, NY, USA, 2004. ACM.

Digital Library

[10]

T. G. Dietterich. Ensemble Methods in Machine Learning. In Multiple Classifier Systems, pages 1--15, 2000.

[11]

P. Domingos. Bayesian Averaging of Classifiers and the Overfitting Problem. In In Proceedings 17th International Conference on Machine Learning, pages 223--230. Morgan Kaufmann, 2000.

Digital Library

[12]

M. Egele, C. Kruegel, E. Kirda, and G. Vigna. Pios: Detecting Privacy Leaks in iOS Applications. In Proceedings of the Network and Distributed System Security Symposium, 2011.

[13]

W. Enck, P. Gilbert, B. Chun, L. Cox, J. Jung, P. McDaniel, and A. Sheth. Taintdroid: an Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the 9th USENIX conference on Operating systems design and implementation, pages 1--6. USENIX Association, 2010.

Digital Library

[14]

D. Foo Kune and Y. Kim. Timing Attacks on Pin Input Devices. In Proceedings of the 17th ACM conference on Computer and communications security (CCS '10), 2010.

Digital Library

[15]

M. Jahrer, A. Töscher, and R. Legenstein. Combining Predictions for Accurate Recommender Systems. In Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining, KDD '10, pages 693--702, New York, NY, USA, 2010. ACM.

Digital Library

[16]

N. Lane, E. Miluzzo, H. Lu, D. Peebles, T. Choudhury, and A. Campbell. A Survey of Mobile Phone Sensing. Communications Magazine, IEEE, 48(9):140--150, 2010.

Digital Library

[17]

H. Lu, J. Yang, Z. Liu, N. Lane, T. Choudhury, and A. Campbell. The Jigsaw Continuous Sensing Engine for Mobile Phone Applications. In Proceedings of the 8th ACM Conference on Embedded Networked Sensor Systems, pages 71--84. ACM, 2010.

Digital Library

[18]

V. M. and P. S. Compromising Electromagnetic Emanations of Wired and Wireless Keyboards. In Proceedings of the 18th conference on USENIX security symposium, 2009.

Digital Library

[19]

P. Marquardt, A. Verma, H. Carter, and P. Traynor. (sp)iphone: Decoding Vibrations from Nearby Keyboards Using Mobile Phone Accelerometers. In Proceedings of the 18th ACM conference on Computer and communications security, pages 551--562. ACM, 2011.

Digital Library

[20]

P. McCullagh and J. A. Nelder. Generalized Linear Models (Second edition). London: Chapman & Hall, 1989.

[21]

S. McKinley and M. Levine. Cubic Spline Interpolation. College of the Redwoods, 1998.

[22]

E. Miluzzo, N. Lane, K. Fodor, R. Peterson, H. Lu, M. Musolesi, S. Eisenman, X. Zheng, and A. Campbell. Sensing Meets Mobile Social Networks: the Design, Implementation and Evaluation of the CenceMe Application. In Proceedings of the 6th ACM conference on Embedded network sensor systems, pages 337--350. ACM, 2008.

Digital Library

[23]

B. Pinkas and T. Sander. Securing Passwords Against Dictionary Attacks. In Proceedings of the 9th ACM Conference on Computer and Communications Security, pages 161--170. ACM, 2002.

Digital Library

[24]

M. Poh, K. Kim, A. Goessling, N. Swenson, and R. Picard. Cardiovascular Monitoring Using Earphones and a Mobile Device. Pervasive Computing, IEEE, (99):1--1, 2011.

Digital Library

[25]

R. Schlegel, K. Zhang, X. Zhou, M. Intwala, A. Kapadia, and X. Wang. Soundcomber: a Stealthy and Context-Aware SoundTrojan for Smartphones. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS '11), 2011.

[26]

B. Schoelkopf, C. Burges, and A. Smola. Advances in Kernel Methods - Support Vector Learning. MIT Press, 1998.

Digital Library

[27]

L. Zhuang, F. Zhou, and J. D. Tygar. Keyboard Acoustic Emanations Revisited. ACM Trans. Inf. Syst. Secur., 2009.

Digital Library

[28]

K. Killourhy and R. Maxion. Comparing Anomaly-Detection Algorithms for Keystroke Dynamics. In Dependable Systems & Networks, 2009. DSN'09. IEEE/IFIP International Conference on, pages 125--134. IEEE, 2009.

Cited By

Lin YWong JLi XMa HGao DBalzarotti DXu W(2024)Peep with a mirrorProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699019(2119-2135)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699019
Hrast TAhlström DHitz M(2024)Observations and Considerations for Implementing Vibration Signals as an Input Technique for Mobile DevicesMultimodal Technologies and Interaction10.3390/mti80900768:9(76)Online publication date: 2-Sep-2024
https://doi.org/10.3390/mti8090076
Xiao GLing ZFan QXu XWu WDing DChen CFu X(2024)Pivot: Panoramic-Image-Based VR User Authentication against Side-Channel AttacksACM Transactions on Multimedia Computing, Communications, and Applications10.1145/369497521:2(1-19)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1145/3694975
Show More Cited By

Index Terms

Tapprints: your finger taps have fingerprints
1. Hardware
  1. Communication hardware, interfaces and storage
    1. Signal processing systems

Recommendations

Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning
WiSec '14: Proceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networks

Mobile phones are equipped with an increasingly large number of precise and sophisticated sensors. This raises the risk of direct and indirect privacy breaches. In this paper, we investigate the feasibility of keystroke inference when user taps on a ...
Hobson's Choice: Security and Privacy Permissions in Android and iOS Devices
Proceedings of the Third International Conference on Human Aspects of Information Security, Privacy, and Trust - Volume 9190

The use of smartphones and tablet devices has grown rapidly over recent years and the widespread availability of software, often from unknown developers, has led to security and privacy concerns. In order to prevent security compromises, these devices ...
A standard for developing secure mobile applications

The abundance of mobile software applications (apps) has created a security challenge. These apps are widely available across all platforms for little to no cost and are often created by small companies and less-experienced programmers. The lack of ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

MobiSys '12: Proceedings of the 10th international conference on Mobile systems, applications, and services

June 2012

548 pages

ISBN:9781450313018

DOI:10.1145/2307636

General Chair:
Nigel Davies
Lancaster University, UK
,
Program Chairs:
Srinivasan Seshan
Carnegie Mellon University, USA
,
Lin Zhong
Rice University, USA

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

In-Cooperation

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 June 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

MobiSys'12

Sponsor:

SIGMOBILE

MobiSys'12: The 10th International Conference on Mobile Systems, Applications, and Services

June 25 - 29, 2012

Lake District, Low Wood Bay, UK

Acceptance Rates

Overall Acceptance Rate 274 of 1,679 submissions, 16%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

248
Total Citations
View Citations
1,461
Total Downloads

Downloads (Last 12 months)41
Downloads (Last 6 weeks)6

Reflects downloads up to 15 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Lin YWong JLi XMa HGao DBalzarotti DXu W(2024)Peep with a mirrorProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699019(2119-2135)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699019
Hrast TAhlström DHitz M(2024)Observations and Considerations for Implementing Vibration Signals as an Input Technique for Mobile DevicesMultimodal Technologies and Interaction10.3390/mti80900768:9(76)Online publication date: 2-Sep-2024
https://doi.org/10.3390/mti8090076
Xiao GLing ZFan QXu XWu WDing DChen CFu X(2024)Pivot: Panoramic-Image-Based VR User Authentication against Side-Channel AttacksACM Transactions on Multimedia Computing, Communications, and Applications10.1145/369497521:2(1-19)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1145/3694975
Montori FSciullo LBedogni L(2024)Raising Awareness for Inertial Sensors-based Keylogging on SmartphonesProceedings of the 2024 International Conference on Information Technology for Social Good10.1145/3677525.3678634(14-21)Online publication date: 4-Sep-2024
https://dl.acm.org/doi/10.1145/3677525.3678634
Wan TZhang LXu YGuo ZGao BLiang H(2024)Analysis and Design of Efficient Authentication Techniques for Password Entry with the Qwerty Keyboard for VR EnvironmentsIEEE Transactions on Visualization and Computer Graphics10.1109/TVCG.2024.345619530:11(7075-7085)Online publication date: 1-Nov-2024
https://dl.acm.org/doi/10.1109/TVCG.2024.3456195
Cao YLi FChen HLiu XZhai SYang SWang Y(2024)Live Speech Recognition via Earphone Motion SensorsIEEE Transactions on Mobile Computing10.1109/TMC.2023.333321423:6(7284-7300)Online publication date: Jun-2024
https://doi.org/10.1109/TMC.2023.3333214
Gao MZhang LShen LZou XHan JLin FRen K(2024)Exploring Practical Acoustic Transduction Attacks on Inertial Sensors in MDOF SystemsIEEE Transactions on Mobile Computing10.1109/TMC.2023.3277287(1-18)Online publication date: 2024
https://doi.org/10.1109/TMC.2023.3277287
Liu JZou XZhao LTao YHu SHan JRen K(2024)Privacy Leakage in Wireless ChargingIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.317306321:2(501-514)Online publication date: Mar-2024
https://doi.org/10.1109/TDSC.2022.3173063
Gopal SShukla DWheelock JSaxena NCalandrino JTroncoso C(2023)Hidden realityProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620286(859-876)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620286
Bolton CLong YHan JHester JFu K(2023)Characterizing and Mitigating Touchtone Eavesdropping in Smartphone Motion SensorsProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607203(164-178)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607203
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents