research-article

(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers

Authors:

Philip Marquardt,

Patrick TraynorAuthors Info & Claims

CCS '11: Proceedings of the 18th ACM conference on Computer and communications security

Pages 551 - 562

https://doi.org/10.1145/2046707.2046771

Published: 17 October 2011 Publication History

Abstract

Mobile phones are increasingly equipped with a range of highly responsive sensors. From cameras and GPS receivers to three-axis accelerometers, applications running on these devices are able to experience rich interactions with their environment. Unfortunately, some applications may be able to use such sensors to monitor their surroundings in unintended ways. In this paper, we demonstrate that an application with access to accelerometer readings on a modern mobile phone can use such information to recover text entered on a nearby keyboard. Note that unlike previous emanation recovery papers, the accelerometers on such devices sample at near the Nyquist rate, making previous techniques unworkable. Our application instead detects and decodes keystrokes by measuring the relative physical position and distance between each vibration. We then match abstracted words against candidate dictionaries and record word recovery rates as high as 80%. In so doing, we demonstrate the potential to recover significant information from the vicinity of a mobile device without gaining access to resources generally considered to be the most likely sources of leakage (e.g., microphone, camera).

References

[1]

D. Agrawal, J. Rao, and P. Rohatgi. The EM side-channels. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2002.

Digital Library

[2]

Android Developers. Manifest.permission. http://developer.android.com/reference/android/Manifest.permission.html%, 2010.

[3]

D. Asonov and R. Agrawal. Keyboard Acoustic Emanations. In Proceedings of the IEEE Symposium on Security and Privacy, 2004.

[4]

R. Ayres and K. Martinas. 120 WPM for Very Skilled Typist. On the Reappraisal of Microeconomics: Economic Growth and Change in a Material World, page 41, 2005.

[5]

M. Backes, T. Chen, M. Durmuth, H. P. A. Lensch, and M. Welk. Tempest in a Teapot: Compromising Reflections Revisited. In Proceedings of the IEEE Symposium on Security and Privacy (OAKLAND), 2009.

Digital Library

[6]

M. Backes, M. Duermuth, S. Gerling, M. Pinkal, and C. Sporleder. Acoustic Side-Channel Attacks on Printers. In Proceedings of the USENIX Security Symposium (SECURITY), 2010.

Digital Library

[7]

M. Backes, M. Durmuth, and D. Unruh. Compromising Reflections -- or -- How to Read LCD Monitors Around the Corner. In Proceedings of the IEEE Symposium on Security and Privacy (OAKLAND), 2008.

Digital Library

[8]

A. Barisani and D. Bianco. Sniffing Keystrokes With Lasers and Voltmeters. In Proceedings of Black Hat USA, 2009.

[9]

D. Barrera, H. Kayacik, P. van Oorschot, and A. Somayaji. A Methodology for Empirical Analysis of the Permission-Based Security Models and its Application to Android. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2010.

Digital Library

[10]

Y. Berger, A. Wool, and A. Yeredor. Dictionary Attacks Using Keyboard Acoustic Emanations. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2006.

Digital Library

[11]

R. Briol. Emanation: How to keep your data confidential. In Symposium on Electromagnetic Security For Information Protection, 1991.

[12]

M. Brookes. Voicebox: Speech processing toolbox for matlab. http://www.ee.ic.ac.uk/hp/staff/dmb/voicebox/voicebox.html.

[13]

L. Cai, S. Machiraju, and H. Chen. Defending Against Sensor-Sniffing Attacks on Mobile Phones. In Proceedings of ACM SIGCOMM Workshop on Networking, Systems, Applications on Mobile Handhelds (MobiHeld), 2009.

Digital Library

[14]

C. Camia. Rahm emanuel can run for chicago mayor. http://content.usatoday.com/communities/onpolitics/post/2011/01/chicago%-mayor-rahm-emanuel-/1, January 2011.

[15]

C. Camia. Rahm emanuel to fight to get onto chicago ballot. http://content.usatoday.com/communities/onpolitics/post/2011/01/rahm-em%anuel-chicago-mayor-court-ruling-/1, January 2011.

[16]

Z. Cheng. Mobile Malware: Threats and Prevention. http://www.mcafee.com/us/local_content/white_papers/threat_center/wp__m%alware_r2_en.pdf, 2007.

[17]

D. Dagon, T. Martin, and T. Starner. Mobile Phones as Computing Devices: The Viruses are Coming! IEEE Pervasive Computing, 3(4):11--15, October - December 2004.

Digital Library

[18]

M. Davey. Emanuel keeps campaigning, as he fights to get back on the ballot. http://thecaucus.blogs.nytimes.com/2011/01/25/emanuel-keeps-campaigning%-as-he-fights -to-get-back-on-the-ballot/?scp=8&sq=Rahm+Emanuel&st=nyt, January 2011.

[19]

M. Davey. Emanuel raises $10 million for chicago mayor's race. http://query.nytimes.com/gst/fullpage.html?res=9B00E0DC1E3EF932A15752C0%A9679D8B63&scp=10&sq=Rahm+Emanuel&st=nyt, January 2011.

[20]

M. Davey and J. Schwartz. Emanuel back on ballot; court will hear case. https://www.nytimes.com/2011/01/26/us/politics/26rahm.html?scp=9&sq=Rahm+Emanuel&st=nyt, January 2011.

[21]

M. Egele, C. Kruegel, E. Kirda, and G. Vigna. PiOS: Detecting Privacy Leaks in iOS Applications. In Proceedings of the ISOC Network and Distributed Systems Security (NDSS) Symposium, 2011.

[22]

Electromax International, Inc. Spy Surveillance: Laser Listening Systems. http://www.electromax.com/laser.html, 1998.

[23]

W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2010.

Digital Library

[24]

W. Enck, M. Ongtang, and P. McDaniel. On Lightweight Mobile Phone Application Certification. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2009.

Digital Library

[25]

J. Keen. Rahm emanuel's mayoral bid hits pothole. http://www.usatoday.com/news/politics/2011-01--25-emanuel25_ST_N.htm, January 2011.

[26]

M. G. Kuhn. Optical time-domain eavesdropping risks of CRT displays. In Proceedings of the IEEE Symposium on Security and Privacy (OAKLAND), 2002.

Digital Library

[27]

M. G. Kuhn and R. J. Anderson. Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations. Information Hiding, Lecture Notes in Computer Science 1525:124--142, 1998.

[28]

B. C. Nalty. The War Against Trucks Aerial Interdiction in Southern Laos 1968--1972. Office of Air Force History, Washington, DC, 2005.

[29]

National Security Agency. TEMPEST. http://www.nsa.gov/public_info/files/cryptologic_spectrum/tempest.pdf, 2007.

[30]

I. S. on Subjective Measurements. Ieee recommended practices for speech quality measurements. IEEE Transactions on Audio and Electroacoustics, 17:227--46, 1969.

[31]

J.-J. Quisquater and D. Samyde. ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards. In Proceedings of the International Conference on Research in Smart Cards (E-SMART), 2001.

Digital Library

[32]

R. Schlegel, K. Zhang, X. Zhou, M. Intwala, A. Kapadia, and X. Wang. Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. In Proceedings of the ISOC Network and Distributed Systems Security (NDSS) Symposium, 2011.

[33]

S. W. Smith. The Scientist and Engineer's Guide to Digital Signal Processing. Elsevier/Newnes Publishing, 2002.

Digital Library

[34]

P. Smulders. The Threat of Information Theft by Reception of Electromagnetic Radiation from RS-232 Cables. Computers and Security, 9(1):53--58, 1990.

Digital Library

[35]

D. Stanglin. Court puts rahm emanuel back on ballot, agrees to hear case. http://content.usatoday.com/communities/ondeadline/post/2011/01/rahm-em%anuel-back-on-the-ballot-pending- possible-court-hearing/1, January 2011.

[36]

D. Stanglin. Rahm emanuel to fight ruling booting him from mayoral ballot. http://content.usatoday.com/communities/ondeadline/post/2011/01/court-s%ays-rahm-emanuel-ineligible-to- run-for-chicago-mayor/1, January 2011.

[37]

T. Thomas. Malware on the Move. http://mobile-security-software-review.toptenreviews.com/malware-on-the%-move.html, 2008.

[38]

P. Traynor, C. Amrutkar, V. Rao, T. Jaeger, P. McDaniel, and T. La Porta. From Mobile Phones to Responsible Devices. Journal of Security and Communication Networks (SCN), To Appear 2011.

[39]

W. Van Eck. Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? Computers and Security, 4:269--286, 1985.

Digital Library

[40]

M. Vuagnoux and S. Pasini. Compromising Electromagnetic Emanations from Wired and Wireless Keyboards. In Proceedings of the USENIX Security Symposium (SECURITY), 2009.

Digital Library

[41]

www.st.com. Lis331dlh. http://www.st.com/stonline/products/literature/ds/15094.pdf, July 2009.

[42]

L. Zhuang, F. Zhou, and J. D. Tygar. Keyboard Acoustic Emanations Revisited. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2005.

Digital Library

Cited By

Zhang JHou JTian YLi X(2025)WordWhisper: Exploiting Real-Time, Hardware-Dependent IoT Communication Against EavesdroppingIEEE Transactions on Mobile Computing10.1109/TMC.2024.344333324:1(15-29)Online publication date: Jan-2025
https://doi.org/10.1109/TMC.2024.3443333
Ramli ALiu XBerndt KGoude EHou JKaethler LLiu RLopez ANicorici AOwens CRodriguez DWang JZhang HAranki DMcDonald CHenricson E(2024)Gait Characterization in Duchenne Muscular Dystrophy (DMD) Using a Single-Sensor Accelerometer: Classical Machine Learning and Deep Learning ApproachesSensors10.3390/s2404112324:4(1123)Online publication date: 8-Feb-2024
https://doi.org/10.3390/s24041123
Montori FSciullo LBedogni L(2024)Raising Awareness for Inertial Sensors-based Keylogging on SmartphonesProceedings of the 2024 International Conference on Information Technology for Social Good10.1145/3677525.3678634(14-21)Online publication date: 4-Sep-2024
https://dl.acm.org/doi/10.1145/3677525.3678634
Show More Cited By

Index Terms

(sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Review on Surround Sense Hand Gestures for Mobile Devices
ICESC '14: Proceedings of the 2014 International Conference on Electronic Systems, Signal Processing and Computing Technologies

In recent years sensors in modern mobile phones enables a range of people-centric applications. This paper provides the system called as Phone Point Pen. This system use built in accelerometer in mobile phone to recognize human writing. Simply by ...
Sensor-based dead-reckoning for indoor positioning

This paper presents a method of indoor position determination using an accelerometer, compass and gyroscope which are typically available in devices such as smart phones. The method makes use of measurements from such a device worn on the body, such as ...
Measurements of lumbar spine kinematics in sitting postures using accelerometers: a preliminary study
i-CREATe '13: Proceedings of the 7th International Convention on Rehabilitation Engineering and Assistive Technology

Background & Aim: The best method of lumbar spine kinematic measurements in sitting is required to provide further information regarding the effects of sitting posture on low back pain. The aim of this study was to examine the errors and reliability of ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '11: Proceedings of the 18th ACM conference on Computer and communications security

October 2011

742 pages

ISBN:9781450309486

DOI:10.1145/2046707

General Chair:
Yan Chen
Northwestern University, USA
,
Program Chairs:
George Danezis
Microsoft Research Cambridge, UK
,
Vitaly Shmatikov
University of Texas at Austin, USA

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 October 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'11

Sponsor:

SIGSAC

CCS'11: the ACM Conference on Computer and Communications Security

October 17 - 21, 2011

Illinois, Chicago, USA

Acceptance Rates

CCS '11 Paper Acceptance Rate 60 of 429 submissions, 14%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

206
Total Citations
View Citations
2,714
Total Downloads

Downloads (Last 12 months)88
Downloads (Last 6 weeks)5

Reflects downloads up to 31 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhang JHou JTian YLi X(2025)WordWhisper: Exploiting Real-Time, Hardware-Dependent IoT Communication Against EavesdroppingIEEE Transactions on Mobile Computing10.1109/TMC.2024.344333324:1(15-29)Online publication date: Jan-2025
https://doi.org/10.1109/TMC.2024.3443333
Ramli ALiu XBerndt KGoude EHou JKaethler LLiu RLopez ANicorici AOwens CRodriguez DWang JZhang HAranki DMcDonald CHenricson E(2024)Gait Characterization in Duchenne Muscular Dystrophy (DMD) Using a Single-Sensor Accelerometer: Classical Machine Learning and Deep Learning ApproachesSensors10.3390/s2404112324:4(1123)Online publication date: 8-Feb-2024
https://doi.org/10.3390/s24041123
Montori FSciullo LBedogni L(2024)Raising Awareness for Inertial Sensors-based Keylogging on SmartphonesProceedings of the 2024 International Conference on Information Technology for Social Good10.1145/3677525.3678634(14-21)Online publication date: 4-Sep-2024
https://dl.acm.org/doi/10.1145/3677525.3678634
Yao QLiu YSun XDong XJi XMa JLuo BLiao XXu JKirda ELie D(2024)Watch the Rhythm: Breaking Privacy with Accelerometer at the Extremely-Low Sampling Rate of 5HzProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690370(1776-1790)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690370
Wang PHu JLiu CLuo JLuo BLiao XXu JKirda ELie D(2024)RefleXnoop: Passwords Snooping on NLoS Laptops Leveraging Screen-Induced Sound ReflectionProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670341(3361-3375)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670341
Wang HHu JZheng THu JChen ZJiang HZheng YLuo J(2024)MuKI-Fi: Multi-Person Keystroke Inference With BFI-Enabled Wi-Fi SensingIEEE Transactions on Mobile Computing10.1109/TMC.2024.336833923:10(9835-9850)Online publication date: Oct-2024
https://doi.org/10.1109/TMC.2024.3368339
Seyedkazemi SGursoy MSaygin Y(2024)LuxTrack: Activity Inference Attacks via Smartphone Ambient Light Sensors and CountermeasuresIEEE Internet of Things Journal10.1109/JIOT.2024.340620811:17(28734-28751)Online publication date: 1-Sep-2024
https://doi.org/10.1109/JIOT.2024.3406208
Chen SJiang HHu JXiao ZLiu D(2024)Silent Thief: Password Eavesdropping Leveraging Wi-Fi Beamforming Feedback from POS TerminalIEEE INFOCOM 2024 - IEEE Conference on Computer Communications10.1109/INFOCOM52122.2024.10621321(321-330)Online publication date: 20-May-2024
https://doi.org/10.1109/INFOCOM52122.2024.10621321
He QYang EFang S(2024)A Survey on Human Profile Information Inference via Wireless SignalsIEEE Communications Surveys & Tutorials10.1109/COMST.2024.337339726:4(2577-2610)Online publication date: Dec-2025
https://doi.org/10.1109/COMST.2024.3373397
Flores GNahapetian A(2024)Keyboardless Keyboard: Smart Phone Gyroscope for Improved User Interface2024 IEEE 21st Consumer Communications & Networking Conference (CCNC)10.1109/CCNC51664.2024.10454832(472-477)Online publication date: 6-Jan-2024
https://doi.org/10.1109/CCNC51664.2024.10454832
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents