DOI: 10.1145/3243734.3243777
research-article

PatternListener: Cracking Android Pattern Lock Using Acoustic Signals

Published: 15 October 2018 Publication History

Abstract

Pattern lock has been widely used for authentication to protect user privacy on mobile devices (e.g., smartphones and tablets). Several attacks have been constructed to crack the lock. However, these approaches require the attackers to be either physically close to the target device or able to manipulate the network facilities (e.g., WiFi hotspots) used by the victims. Therefore, the effectiveness of the attacks is highly sensitive to the setting of the environment where the users use the mobile devices. Also, these attacks are not scalable since they cannot easily infer patterns of a large number of users. Motivated by an observation that fingertip motions on the screen of a mobile device can be captured by analyzing surrounding acoustic signals on it, we propose PatternListener, a novel acoustic attack that cracks pattern lock by leveraging and analyzing imperceptible acoustic signals reflected by the fingertip. It leverages speakers and microphones of the victim's device to play imperceptible audio and record the acoustic signals reflected from the fingertip. In particular, it infers each unlock pattern by analyzing the individual lines that are the trajectories of the fingertip and that compose the pattern. We propose several algorithms to construct signal segments for each line and infer possible candidates of each individual line according to the signal segments. Finally, we produce a tree to map all line candidates into grid patterns and thereby obtain the candidates of the entire unlock pattern. We implement a PatternListener prototype by using off-the-shelf smartphones and thoroughly evaluate it using 130 unique patterns. The real experimental results demonstrate that PatternListener can successfully exploit over 90% of patterns in five attempts.

Supplementary Material

MP4 File (p1775-li.mp4)



    Published In

    CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
    October 2018
    2359 pages
    ISBN:9781450356930
    DOI:10.1145/3243734
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. acoustic signals
    2. mobile device security
    3. pattern lock

    Qualifiers

    • Research-article

    Conference

    CCS '18

    Acceptance Rates

    CCS '18 Paper Acceptance Rate 134 of 809 submissions, 17%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
