Li Lu,Jiadi Yu,Yingying Chen,Yanmin Zhu,Xiangyu Xu,Guangtao Xue,Minglu Li

DOI: https://doi.org/10.1109/infocom.2019.8737591

2019-01-01

Abstract:This paper demonstrates the feasibility of a side-channel attack to infer keystrokes on touch screen leveraging an off-the-shelf smartphone. Although there exist some studies on keystroke eavesdropping attacks on touch screen, they are mainly direct eavesdropping attacks, i.e., require the device of victims compromised to provide side-channel information for the adversary, which are hardly launched in practical scenarios. In this work, we show the practicability of an indirect eavesdropping attack, KeyListener, which infers keystrokes on QWERTY keyboards of touch screen leveraging audio devices on a smartphone. We investigate the attenuation of acoustic signals, and find that a user’s keystroke fingers can be localized through the attenuation of acoustic signals received by the microphones in the smartphone. We then utilize the attenuation of acoustic signals to localize each keystroke, and further analyze errors induced by ambient noises. To improve the accuracy of keystroke localization, KeyListener further tracks finger movements during inputs through phase change and Doppler effect to reduce errors of acoustic signal attenuation-based keystroke localization. In addition, a binary tree-based search approach is employed to infer keystrokes in a context-aware manner. The proposed keystroke eavesdropping attack is robust to various environments without the assistance of additional infrastructures. Extensive experiments demonstrate that the accuracy of keystroke inference in top-5 candidates can approach 90% with a top-5 error rate of around 6%, which is a strong indication of the possible user privacy leakage of inputs on QWERTY keyboard.

Rui Ning,Cong Wang,ChunSheng Xin,Jiang Li,Hongyi Wu

DOI: https://doi.org/10.1016/j.pmcj.2019.101106

IF: 3.848

2020-01-01

Pervasive and Mobile Computing

Abstract:In this paper, we report a newfound vulnerability on smartphones due to the malicious use of unsupervised sensor data. We demonstrate that an attacker can train deep Convolutional Neural Networks (CNN) by using magnetometer or orientation data to effectively infer the Apps and their usage information on a smartphone with an accuracy of over 80%. Furthermore, we show that such attacks can become even worse if sophisticated attackers exploit motion sensors to cluster the magnetometer or orientation data, improving the accuracy to as high as 98%. To mitigate such attacks, we propose a noise injection scheme that can effectively reduce the App sniffing accuracy to only 15% and at the same time has negligible effect on benign Apps.

Qinhong Jiang,Yanze Ren,Yan Long,Chen Yan,Yumai Sun,Xiaoyu Ji,Kevin Fu,Wenyuan Xu

DOI: https://doi.org/10.14722/ndss.2024.23015

2024-01-01

Abstract:Keyboards are the primary peripheral input devices for various critical computer application scenarios.This paper performs a security analysis of the keyboard sensing mechanisms and uncovers a new class of vulnerabilities that can be exploited to induce phantom keys-fake keystrokes injected into keyboards' analog circuits in a contactless way using electromagnetic interference (EMI).Besides regular keystrokes, such phantom keys also include keystrokes that human operators cannot achieve, such as rapidly injecting over 10,000 keys per minute and injecting hidden keys that do not exist on the physical keyboard.The underlying principles of phantom key injections consist in inducing false voltages on keyboard sensing GPIO pins through EMI coupled onto matrix circuits.We investigate the voltage and timing requirements of injection signals both theoretically and empirically to establish the theory of phantom key injection.To validate the threat of keyboard sensing vulnerabilities, we design GhostType that can cause denial-of-service of the keyboard and inject random keystrokes as well as certain targeted keystrokes of the adversary's choice.We have validated GhostType on 48 of 50 off-the-shelf keyboards/keypads from 20 brands, including both membrane/mechanical structures and USB/Bluetooth protocols.Some example consequences of GhostType include completely blocking keyboard operations, crashing and turning off downstream computers, and deleting computer files.Finally, we glean lessons from our investigations and propose countermeasures, including shielding keyboards with metal materials and enhancing the keystroke sensing mechanism.

Fan Li,Xiuxiu Wang,Huijie Chen,Kashif Sharif,Yu Wang

DOI: https://doi.org/10.1109/access.2017.2776527

IF: 3.9

2017-01-01

IEEE Access

Abstract:Public social environments are hot beds of security leaks, either they are virtual or physical. The nature of social settings allows numerous people to co-exist in the same space. This close un-bounded proximity opens up the possibility of privacy compromise in such environments. In this paper, we explore a novel and practical multi-modal side-channel keystroke recognition system, named ClickLeak, which can infer the PIN code/password entered on numeric keypad by using the commodity Wi-Fi devices. Such numeric keypads are commonly available in many public social environments. ClickLeak is built on the observation that each key input makes unique pattern of hand and finger movements, and this generates unique distortions to multi-path Wi-Fi signals. Acceleration and microphone sensors of smart phones determine the starting and ending time of keystrokes, while the time series of channel state information are analyzed to determine the keystrokes. The evaluation results have shown that with large scale data collections from public social settings, the key recognition accuracy can reach higher than 83%.

Xiangyu Liu,Zhe Zhou,Wenrui Diao,Zhou Li,Kehuan Zhang

DOI: https://doi.org/10.1145/2810103.2813668

2015-01-01

Abstract:One rising trend in today's consumer electronics is the wearable devices, e.g., smartwatches. With tens of millions of smartwatches shipped, however, the security implications of such devices are not fully understood. Although previous studies have pointed out some privacy concerns about the data that can be collected, like personalized health information, the threat is considered low as the leaked data is not highly sensitive and there is no real attack implemented. In this paper we investigate a security problem coming from sensors in smartwatches, especially the accelerometer. The results show that the actual threat is much beyond people's awareness.Being worn on the wrist, the accelerometer built within a smartwatch can track user's hand movements, which makes inferring user inputs on keyboards possible in theory. But several challenges need to be addressed ahead in the real-world settings: e.g., small and irregular hand movements occur persistently during typing, which degrades the tracking accuracy and sometimes even overwhelms useful signals.In this paper, we present a new and practical side-channel attack to infer user inputs on keyboards by exploiting sensors in smartwatch. Novel keystroke inference models are developed to mitigate the negative impacts of tracking noises. We focus on two major categories of keyboards: one is numeric keypad that is generally used to input digits, and the other is QWERTY keyboard on which a user can type English text. Two prototypes have been built to infer users' banking PINs and English text when they type on POS terminal and QWERTY keyboard respectively. Our results show that for numeric keyboard, the probability of finding banking PINs in the top 3 candidates can reach 65%, while for QWERTY keyboard, a significant accuracy improvement is achieved compared to the previous works, especially of the success rate of finding the correct word in the top 10 candidates.

Jia-Xuan Bai,Bin Liu,Luchuan Song

DOI: https://doi.org/10.1145/3474085.3475539

2021-01-01

Abstract:Recently, smart devices equipped with microphones have become increasingly popular in people's lives. However, when users type on a keyboard near devices with microphones, the acoustic signals generated by different keystrokes may leak the user's privacy. This paper proposes a robust side-channel attack scheme to infer keystrokes on the surrounding keyboard, leveraging the smart devices' microphones. To address the challenge of non-cooperative attacking environments, we propose an efficient scheme to estimate the relative position between the microphones and the keyboard, and extract two robust features from the acoustic signals to alleviate the impact of various victims and keyboards. As a result, we can realize the side-channel attack through acoustic signals, regardless of the exact location of microphones, the victims, and the type of keyboards. We implement the proposed scheme on the commercial smartphone and conduct extensive experiments to evaluate its performance. Experimental results show that the proposed scheme could achieve good performance in predicting keyboard input under various conditions. Overall, we can correctly identify 91.2% of keystrokes with 10-fold cross-validation. When predicting keystrokes from unknown victims, the attack can obtain a Top-5 accuracy of 91.52%. Furthermore, the Top-5 accuracy of predicting keystrokes can reach 72.25% when the victims and keyboards are both unknown. When predicting meaningful contents, we can obtain a Top-5 accuracy of 96.67% for the words entered by the victim.

Yushi Cheng,Xiaoyu Ji,Wenyuan Xu,Hao Pan,Zhuangdi Zhu,Chuang-Wen You,Yi-Chao Chen,Lili Qiu

DOI: https://doi.org/10.1145/3321705.3329817

2019-01-01

Abstract:Mobile devices have emerged as the most popular platforms to access information. However, they have also become a major concern of privacy violation and previous researches have demonstrated various approaches to infer user privacy based on mobile devices. In this paper, we study a new side channel of a laptop that could be harvested by a commercial-off-the-shelf (COTS) mobile device, eg, a smartphone. We propose MagAttack, which exploits the electromagnetic (EM) side channel of a laptop to infer user activities, i.e., application launching and application operation. The key insight of MagAttack is that applications are discrepant in essence due to the different compositions of instructions, which can be reflected on the CPU power consumption, and thus the corresponding EM emissions. MagAttack is challenging since that EM signals are noisy due to the dynamics of applications and the limited sampling rate of the built-in magnetometers in COTS mobile devices. We overcome these challenges and convert noisy coarse-grained EM signals to robust fine-grained features. We implement MagAttack on both an iOS and an Android smartphone without any hardware modification, and evaluate its performance with 13 popular applications and 50 top websites in China. The results demonstrate that MagAttack can recognize aforementioned 13 applications with an average accuracy of 98.6%, and figure out the visiting operation among 50 websites with an average accuracy of 84.7%.

Shaoyong Du,Yue Gao,Jingyu Hua,Sheng Zhong

DOI: https://doi.org/10.1007/978-3-319-59608-2_4

2016-01-01

Abstract:Nowadays, attackers seek various covert channels to access the users’ privacy on the mobile devices. Recent research has demonstrated that the built-in motion sensors can be exploited to monitor the users’ screen taps and infer what they have typed. This paper presents several practical and convenient countermeasures against this attack in terms of the soft keyboard. We find that this attack is sensitive to the motion noise of the mobile device and the layout variation of the soft keyboard. We, thus, present two kinds of countermeasures against this attack by introducing vibration noise in sensor readings and dynamics in the keyboard layout, respectively. We implement these countermeasures on Android platform and recruit 20 volunteers to evaluate these countermeasures’ effectiveness and usability on both the smartphones and tablets. The results show that the proposed countermeasures can effectively reduce the attackers’ keystroke inference accuracy without significantly hurting the typing efficiency.

Jiadi Yu,Li Lu,Yingying Chen,Yanmin Zhu,Linghe Kong

DOI: https://doi.org/10.1109/tmc.2019.2947468

IF: 6.075

2021-02-01

IEEE Transactions on Mobile Computing

Abstract:This paper demonstrates the feasibility of a side-channel attack to infer keystrokes on touch screen leveraging an off-the-shelf smartphone. Although there exist some studies on keystroke eavesdropping attacks on touch screen, they are mainly direct eavesdropping attacks, i.e., require the device of victims compromised to provide side-channel information for the adversary, which are hardly launched in practical scenarios. In this work, we show the practicability of an indirect eavesdropping attack, $KeyListener$<math>KeyListener</math>, which infers keystrokes on QWERTY keyboards of touch screen leveraging audio devices on a smartphone. We investigate the attenuation of acoustic signals, and find that a user's keystroke fingers can be localized through the attenuation of acoustic signals received by the microphones in the smartphone. We then utilize the attenuation of acoustic signals to localize each keystroke, and further analyze errors induced by ambient noises. To improve the accuracy of keystroke localization, $KeyListener$<math>KeyListener</math> further tracks finger movements during inputs through phase change and Doppler effect to reduce errors of acoustic signal attenuation-based keystroke localization. In addition, a -inary tree-based search approach is employed to infer keystrokes in a context-aware manner. The proposed keystroke eavesdropping attack is robust to various environments without the assistance of additional infrastructures. Extensive experiments demonstrate that the accuracy of keystroke inference in top-5 candidates can approach 90 percent with a top-5 error rate of around 6 percent, which is a strong indication of the possible user privacy leakage of inputs on QWERTY keyboard.

computer science, information systems,telecommunications

Rui Song,Yubo Song,Qihong Dong,Aiqun Hu,Shang Gao

DOI: https://doi.org/10.1109/wcsp.2017.8171036

2017-01-01

Abstract:In recent years, various sensors have been integrated into smartphones to sense the slight motions of human body. However, security researchers found that these sensors can not only be used in motion detection, but also as side-channel to reveal users' privacy data by inferring keystrokes. What is worse, as defined in W3C specifications, the mobile web applications can get these sensor readings silently without permissions from users. Therefore, when cross-site scripting vulnerabilities are found in a mobile web application, attackers can get users' privacy data remotely via these sensors in theory. However, these attacks are difficult to achieve by the fact that mobile web applications can only get sensor readings with low sampling rate in practical uses. In this paper, we proposed a novel ensemble learning algorithm based on weighted voting to improve the keystroke inferring accuracy in low sensors sampling rate. Based on this novel learning algorithm, a prototype system named WebLogger is developed to demonstrate the possibility of inferring the PIN numbers or passwords entered by mobile phone users from mobile web application silently. The results of experiments show that the prediction accuracy of our learning model can be improved to 70%, which is better than 50% in single machine learning algorithms.

Dan Ping,Xin Sun,Bing Mao

DOI: https://doi.org/10.1145/2766498.2766511

2015-01-01

Abstract:ABSTRACTToday's smartphones are equipped with precise motion sensors like accelerometer and gyroscope, which can measure tiny motion and rotation of devices. While they make mobile applications more functional, they also bring risks of leaking users' privacy. Researchers have found that tap locations on screen can be roughly inferred from motion data of the device. They mostly utilized this side-channel for inferring short input like PIN numbers and passwords, with repeated attempts to boost accuracy. In this work, we study further for longer input inference, such as chat record and e-mail content, anything a user ever typed on a soft keyboard. Since people increasingly rely on smartphones for daily activities, their inputs directly or indirectly expose privacy about them. Thus, it is a serious threat if their input text is leaked. To make our attack practical, we utilize the shared memory side-channel for detecting window events and tap events of a soft keyboard. The up or down state of the keyboard helps triggering our Trojan service for collecting accelerometer and gyroscope data. Machine learning algorithms are used to roughly predict the input text from the raw data and language models are used to further correct the wrong predictions. We performed experiments on two real-life scenarios, which were writing emails and posting Twitter messages, both through mobile clients. Based on the experiments, we show the feasibility of inferring long user inputs to readable sentences from motion sensor data. By applying text mining technology on the inferred text, more sensitive information about the device owners can be exposed.

Ilia Shumailov,Laurent Simon,Jeff Yan,Ross Anderson

DOI: https://doi.org/10.48550/arXiv.1903.11137

2019-03-26

Cryptography and Security

Abstract:We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of their touch-screen smartphone or tablet. When a user taps the screen with a finger, the tap generates a sound wave that propagates on the screen surface and in the air. We found the device's microphone(s) can recover this wave and "hear" the finger's touch, and the wave's distortions are characteristic of the tap's location on the screen. Hence, by recording audio through the built-in microphone(s), a malicious app can infer text as the user enters it on their device. We evaluate the effectiveness of the attack with 45 participants in a real-world environment on an Android tablet and an Android smartphone. For the tablet, we recover 61% of 200 4-digit PIN-codes within 20 attempts, even if the model is not trained with the victim's data. For the smartphone, we recover 9 words of size 7--13 letters with 50 attempts in a common side-channel attack benchmark. Our results suggest that it not always sufficient to rely on isolation mechanisms such as TrustZone to protect user input. We propose and discuss hardware, operating-system and application-level mechanisms to block this attack more effectively. Mobile devices may need a richer capability model, a more user-friendly notification system for sensor usage and a more thorough evaluation of the information leaked by the underlying hardware.

Benxiao Tang,Zhibo Wang,Run Wang,Lei Zhao,Lina Wang

DOI: https://doi.org/10.1155/2018/4627108

2018-01-01

Wireless Communications and Mobile Computing

Abstract:Digital password lock has been commonly used on mobile devices as the primary authentication method. Researches have demonstrated that sensors embedded on mobile devices can be employed to infer the password. However, existing works focus on either each single keystroke inference or entire password sequence inference, which are user-dependent and require huge efforts to collect the ground truth training data. In this paper, we design a novel side-channel attack system, called Niffler, which leverages the user-independent features of movements of tapping consecutive buttons to infer unlocking passwords on smartphones. We extract angle features to reflect the changing trends and build a multicategory classifier combining the dynamic time warping algorithm to infer the probability of each movement. We further use the Markov model to model the unlocking process and use the sequences with the highest probabilities as the attack candidates. Moreover, the sensor readings of successful attacks will be further fed back to continually improve the accuracy of the classifier. In our experiments, 100,000 samples collected from 25 participants are used to evaluate the performance of Niffler. The results show that Niffler achieves 70% and 85% accuracy with 10 attempts in user-independent and user-dependent environments with few training samples, respectively.

Zhen Xiao,Tao Chen,Yang Liu,Jiao Li,Zhenjiang Li

DOI: https://doi.org/10.1109/tmc.2021.3137229

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Mobile phones nowadays are equipped with at least dual microphones. We find when a user is typing on a phone, the sounds generated from the vibration caused by finger’s tapping on the screen surface can be captured by both microphones, and these recorded sounds alone are informative enough to localize the user’s keystrokes. This ability can be leveraged to enable useful application designs, while it also raises a crucial privacy risk that the private information typed by users on mobile phones has a great potential to be leaked through such a recognition ability. In this paper, we address two key design issues and demonstrate, more importantly alarm people, that this risk is possible, which could be related to many of us when we use our mobile phones. We implement our proposed techniques in a prototype system and conduct extensive experiments. The evaluation results indicate promising successful rates for more than 4000 keystrokes from different users on various types of mobile phones.

computer science, information systems,telecommunications

Anindya Maiti,Oscar Armbruster,Murtuza Jadliwala,Jibo He

DOI: https://doi.org/10.1145/2897845.2897905

2016-01-01

Abstract:Wearable devices, such as smartwatches, are furnished with state-of-the-art sensors that enable a range of context-aware applications. However, malicious applications can misuse these sensors, if access is left unaudited. In this paper, we demonstrate how applications that have access to motion or inertial sensor data on a modern smartwatch can recover text typed on an external QWERTY keyboard. Due to the distinct nature of the perceptible motion sensor data, earlier research efforts on emanation based keystroke inference attacks are not readily applicable in this scenario. The proposed novel attack framework characterizes wrist movements (captured by the inertial sensors of the smartwatch worn on the wrist) observed during typing, based on the relative physical position of keys and the direction of transition between pairs of keys. Eavesdropped keystroke characteristics are then matched to candidate words in a dictionary. Multiple evaluations show that our keystroke inference framework has an alarmingly high classification accuracy and word recovery rate. With the information recovered from the wrist movements perceptible by a smartwatch, we exemplify the risks associated with unaudited access to seemingly innocuous sensors (e.g., accelerometers and gyroscopes) of wearable devices. As part of our efforts towards preventing such side-channel attacks, we also develop and evaluate a novel context-aware protection framework which can be used to automatically disable (or downgrade) access to motion sensors, whenever typing activity is detected.

Yuyi Fang,Zhiwei Zhao,Zi Wang,Geyong Min,Yue Cao,Haojun Huang,Hao Yin

DOI: https://doi.org/10.1016/j.future.2017.10.039

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Keyboard input is an important way to enter massive personal information into computing systems and the Internet in our social life. The large amount of acoustic data from the keystroke tapping makes it possible for eavesdroppers to snoop the sensitive and private input remotely. Keystroke monitoring using the acoustic signals, which extracts the user information directly from the keystroke acoustics, is a critical security and privacy issue and has recently attracted much research attention. The existing works use smartphones to collect and infer the keystrokes with various data analysis algorithms. However, most of them rely on the assumption that the phone-keyboard relative position is known in advance, which is often unrealistic for real-world scenarios such as adversary eavesdropping. To address this problem and make keystroke monitoring free to use, in this paper, we propose a Po sition free Ke ystroke Mon itoring scheme using a single smartphone. By exploiting the reliable linguistic accountings and the layout of a certain keyboard, we develop a geometrical approach to estimate the relative positions and angles of the smartphone to the keyboard. Our proposed scheme can self-calibrate the position estimation with the continuous acoustic signals. After that, effective keystroke snooping is established based on the Mel-Frequency Cepstral Coefficient and adaptive k-means clustering. We conduct experiments with Samsung S4 smartphones and simulations. The results show that the positioning scheme achieves a high accuracy by 93%, and the keystroke snooping accuracy is improved by 32.6% compared to the existing works.

P Uma Maheswari,Mohamed Yilmaz Ibrahim,Ramkumar B,Aswin Sundar,,,,

DOI: https://doi.org/10.35940/ijeat.b3432.129219

2019-12-30

International Journal of Engineering and Advanced Technology

Abstract:Over the past years, smartphones have witnessed an alarming rise in embedded sensors which enhance their support for applications. However, they can be regarded as loopholes as seemingly innocuous information can be obtained without any user permissions in Android thus invading the user’s privacy. Our work establishes a side channel attack by illegitimately inferring the information being typed by the user on a smartphone using the readings from ‘zero-permission’ sensors like accelerometer and gyroscope. This serves as a proof of concept to prevent such attacks on mobile devices in the future. While previous research has been conducted in this space, our narrative involves a predictive model using Recurrent Neural Networks that can predict the letters being typed in the keyboard solely based on the motion sensor readings, thus inferring the text. Our research was able to identify 37.5% of the unseen words typed by the user using a very small volume of training data. Our tap detection method has shown 92% accuracy which plays a critical role in the text inference. This research lays the foundation to further progress in this area, thus helping to strengthen the mobile security.

Tong Zhu,Qiang Ma,Shanfeng Zhang,Yunhao Liu

DOI: https://doi.org/10.1145/2660267.2660296

2014-01-01

Abstract:The emanations of electronic and mechanical devices have raised serious privacy concerns. It proves possible for an attacker to recover the keystrokes by acoustic signal emanations. Most existing malicious applications adopt context-based approaches, which assume that the typed texts are potentially correlated. Those approaches often incur a high cost during the context learning stage, and can be limited by randomly typed contents (e.g., passwords). Also, context correlations can increase the risk of successive false recognition. We present a context-free and geometry-based approach to recover keystrokes. Using off-the-shelf smartphones to record acoustic emanations from keystrokes, this design estimates keystrokes' physical positions based on the Time Difference of Arrival (TDoA) method. We conduct extensive experiments and the results show that more than 72.2\% of keystrokes can be successfully recovered.

Yan Meng,Jinlei Li,Haojin Zhu,Xiaohui Liang,Yao Liu,Na Ruan

DOI: https://doi.org/10.1109/tmc.2019.2893338

IF: 6.075

2020-01-01

IEEE Transactions on Mobile Computing

Abstract:In this study, we present WindTalker, a novel and practical keystroke inference framework that can be used to infer the sensitive keystrokes on a mobile device through WiFi-based side-channel information. WindTalker is motivated from an observation that keystrokes on mobile devices will lead to different hand coverage and the finger motions, which will introduce a unique interference to the multi-path signals and can be reflected by the channel state information (CSI). An attacker can exploit the strong correlation between the CSI fluctuation and the keystrokes to infer the user's password input. Compared with the previous keystroke inference approaches, WindTalker neither deploys external equipment physically close to the target device nor compromises the target device. Instead, it employs a more practical setting by deploying a free public WiFi hotspot and collects the CSI data from the target device as long as the device is connected to the hotspot. In addition, to improve inference accuracy and efficiency, it analyzes the WiFi traffic to selectively collect CSI only for the sensitive period where password entering occurs. WindTalker can be implemented without the requirement of visually seeing the target device, or installing any malware on the device. We tested Windtalker on several mobile phones and performed a detailed case study to evaluate the practicality of the password inference towards Alipay, the largest mobile payment platform in the world. Furthermore, we proposed a novel CSI obfuscation countermeasure to thwart the inference attack. The evaluation results show that the performance of WindTalker can be dramatically reduced by adopting the proposed countermeasures.

Anindya Maiti,Murtuza Jadliwala,Jibo He,Igor Bilogrevic

DOI: https://doi.org/10.48550/arXiv.1710.03656

2017-10-10

Abstract:Smartwatches enable many novel applications and are fast gaining popularity. However, the presence of a diverse set of on-board sensors provides an additional attack surface to malicious software and services on these devices. In this paper, we investigate the feasibility of key press inference attacks on handheld numeric touchpads by using smartwatch motion sensors as a side-channel. We consider different typing scenarios, and propose multiple attack approaches to exploit the characteristics of the observed wrist movements for inferring individual key presses. Experimental evaluation using commercial off-the-shelf smartwatches and smartphones show that key press inference using smartwatch motion sensors is not only fairly accurate, but also comparable with similar attacks using smartphone motion sensors. Additionally, hand movements captured by a combination of both smartwatch and smartphone motion sensors yields better inference accuracy than either device considered individually.

Cryptography and Security