Hao Pan,Feitong Tan,Wenhao Li,Yi-Chao Chen,Lanqing Yang,Guangtao Xue,Xiaoyu Ji

DOI: https://doi.org/10.1109/secon55815.2022.9918604

2022-01-01

Abstract:This study reveals that on-board hardware modules leak electromagnetic (EM) emissions whenever audio or camera data is accessed, and proposes Magdefender scheme that explores the possibility of using the magnetometer built into mobile devices to detect eavesdropping instances by malicious apps and even the unscrupulous phone vendors. However, the target EM signals generated by accessing multimedia data is weak and tends to be buried beneath other noisy EM signals from apps running in the foreground. It is also subject to the external interference from geomagnetic signals generated by the device movement. To cope with the challenges, we adopt a generative adversarial networks (GAN) based model to facilitate the extraction of target EM signals indicating the occurrence of eavesdropping from the overall magnetometer readings. We also develop a neural network-based classifier with triplet loss embedding to identify the EM signals from the camera and/or microphones. Empirical results demonstrate the efficacy of MagDefenderin recognizing instances of eavesdropping on cameras/microphones data, with average accuracy of 97.3% when applied to the trained devices, and average 91.5% on unseen mobile devices.

Qian Wang,Xiu Lin,Man Zhou,Yanjiao Chen,Cong Wang,Qi Li,Luo Xiangyang

DOI: https://doi.org/10.1109/infocom.2019.8737422

2019-01-01

Abstract:Voice biometrics is widely adopted for identity authentication in mobile devices. However, voice authentication is vulnerable to spoofing attacks, where an adversary may deceive the voice authentication system with pre-recorded or synthesized samples from the legitimate user or by impersonating the speaking style of the targeted user. In this paper, we design and implement VoicePop, a robust software-only anti-spoofing system on smartphones. VoicePop leverages the pop noise, which is produced by the user breathing while speaking close to the microphone. The pop noise is delicate and subject to user diversity, making it hard to record by replay attacks beyond a certain distance and to imitate precisely by impersonators. We design a novel pop noise detection scheme to pinpoint pop noises at the phonemic level, based on which we establish individually unique relationship between phonemes and pop noises to identify legitimate users and defend against spoofing attacks. Our experimental results with 18 participants and three types of smartphones show that VoicePop achieves over 93.5% detection accuracy at around 5.4% equal error rate. VoicePop requires no additional hardware but only the built-in microphones in virtually all smartphones, which can be readily integrated in existing voice authentication systems for mobile devices.

Haijun Gui,Chen Yan,Yushi Cheng,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei256261.2022.10116166

2022-01-01

Abstract:With the miniature design and ubiquitous use of voice recording devices, the need for anti-eavesdropping has become essential, especially in confidential meetings. Previous studies prevent eavesdropping by injecting a noise into the recording devices using electromagnetic waves or ultrasounds, hoping that the noise can cover the voice recording in similar frequencies. In this paper, we propose a new anti-eavesdropping method that attenuates the voice recording instead of covering it. As the voice recording is suppressed to a low volume, it is difficult to recover sensitive information even using noise reduction techniques. The key idea is to inject an inaudible high-frequency noise that can saturate the preamplifier in the microphone circuit. In addition, to avoid unintentionally interfering with non-eavesdropping devices such as conference microphones, we construct an anti-eavesdropping area using an acoustic parametric array, which can transmit the high-frequency noise into a confined area of choice. Based on the above methods, we built a proof-of-concept anti-eavesdropping system and achieved good experimental results on 4 smartphones and 2 voice recorders.

Wenbin Huang,Wenjuan Tang,Hanyuan Chen,Hongbo Jiang,Yaoxue Zhang

DOI: https://doi.org/10.1109/tmc.2022.3221463

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Microphone has been widely integrated into mobile devices to provide physical basis for human-device voice interaction. However, the microphone may be spitefully invoked by malicious mobile applications (apps) with arousing security and privacy concerns. In this work, to explore the issue of illegal microphone access, we develop spiteful apps through native and injection development to access the microphone viciously on a series of mobile devices. The results demonstrate that baleful apps could enable the microphone arbitrarily without any hint. To combat the unauthorized microphone access behavior, we design a microphone illegal access detection (MicDet) scheme by constructing a request-response time model using the Unix time stamps of voice icon touched and microphone invoked. Through conducting numerical analysis and hypothesis testing to effectively verify the request-response pattern of app's normal access, we detect illegal access by analyzing whether the touch operation matches the normal pattern. For friendly user experience, we design an intuitive floating window to alert users by displaying the name of the app that illegally accessed the microphone once the illegal behavior is detected. Finally, we apply our scheme to different mobile devices and test several apps, the experimental results show that the MicDet scheme achieves a high detection accuracy.

Rui Ning,Cong Wang,ChunSheng Xin,Jiang Li,Hongyi Wu

DOI: https://doi.org/10.1016/j.pmcj.2019.101106

IF: 3.848

2020-01-01

Pervasive and Mobile Computing

Abstract:In this paper, we report a newfound vulnerability on smartphones due to the malicious use of unsupervised sensor data. We demonstrate that an attacker can train deep Convolutional Neural Networks (CNN) by using magnetometer or orientation data to effectively infer the Apps and their usage information on a smartphone with an accuracy of over 80%. Furthermore, we show that such attacks can become even worse if sophisticated attackers exploit motion sensors to cluster the magnetometer or orientation data, improving the accuracy to as high as 98%. To mitigate such attacks, we propose a noise injection scheme that can effectively reduce the App sniffing accuracy to only 15% and at the same time has negligible effect on benign Apps.

Kai Wang,Richard Mitev,Chen Yan,Xiaoyu Ji,Ahmad-Reza Sadeghi,Wenyuan Xu

2022-01-01

Abstract:Capacitive touchscreens have become the primary human-machine interface for personal devices such as smartphones and tablets. In this paper, we present GhostTouch, the first active contactless attack against capacitive touchscreens. Ghost Touch uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it. By tuning the parameters of the electromagnetic signal and adjusting the antenna, we can inject two types of basic touch events, taps and swipes, into targeted locations of the touchscreen and control them to manipulate the underlying device. We successfully launch the Ghost Touch attacks on nine smartphone models. We can inject targeted taps continuously with a standard deviation of as low as 14.6 x 19.2 pixels from the target area, a delay of less than 0.5s and a distance of up to 40mm. We show the real-world impact of the Ghost Touch attacks in a few proof-of-concept scenarios, including answering an eavesdropping phone call, pressing the button, swiping up to unlock, and entering a password. Finally, we discuss potential hardware and software countermeasures to mitigate the attack.

Li Lu,Jiadi Yu,Yingying Chen,Yanmin Zhu,Xiangyu Xu,Guangtao Xue,Minglu Li

DOI: https://doi.org/10.1109/infocom.2019.8737591

2019-01-01

Abstract:This paper demonstrates the feasibility of a side-channel attack to infer keystrokes on touch screen leveraging an off-the-shelf smartphone. Although there exist some studies on keystroke eavesdropping attacks on touch screen, they are mainly direct eavesdropping attacks, i.e., require the device of victims compromised to provide side-channel information for the adversary, which are hardly launched in practical scenarios. In this work, we show the practicability of an indirect eavesdropping attack, KeyListener, which infers keystrokes on QWERTY keyboards of touch screen leveraging audio devices on a smartphone. We investigate the attenuation of acoustic signals, and find that a user’s keystroke fingers can be localized through the attenuation of acoustic signals received by the microphones in the smartphone. We then utilize the attenuation of acoustic signals to localize each keystroke, and further analyze errors induced by ambient noises. To improve the accuracy of keystroke localization, KeyListener further tracks finger movements during inputs through phase change and Doppler effect to reduce errors of acoustic signal attenuation-based keystroke localization. In addition, a binary tree-based search approach is employed to infer keystrokes in a context-aware manner. The proposed keystroke eavesdropping attack is robust to various environments without the assistance of additional infrastructures. Extensive experiments demonstrate that the accuracy of keystroke inference in top-5 candidates can approach 90% with a top-5 error rate of around 6%, which is a strong indication of the possible user privacy leakage of inputs on QWERTY keyboard.

Xiangyu Xu,Yu Chen,Zhen Ling,Li Lu,Junzhou Luo,Xinwen Fu

DOI: https://doi.org/10.1109/infocom52122.2024.10621229

2024-01-01

Abstract:Recent years have witnessed a surge of headphones (including in-ear headphones) usage in works and communications. Because of the privacy-preserve property, people feel comfortable having confidential communication wearing headphones and pay little attention to speech leakage. In this paper, we present an end-to-end eavesdropping system, mmEar, which shows the feasibility of launching an eavesdropping attack on headphones leveraging a commercial mmWave radar. Different from previous works that realize eavesdropping by sensing speech-induced vibrations with reasonable amplitude, mmEar focuses on capturing the extremely faint vibrations with a low signal-to-noise ratio (SNR) on the surface of headphones. Toward this end, we propose a faint vibration emphasis (FVE) method that models and amplifies the mmWave responses to speech-induced vibrations on the In-phase and Quadrature (IQ) plane, followed by a deep denoising network to further improve the SNR. To achieve practical eavesdropping on various headphones and setups, we propose a cGAN model with a pretrain-finetune scheme, boosting the generalization ability and robustness of the attack by generating high-quality synthesis data. We evaluate mmEar with extensive experiments on different headphones and earphones and find that most of them can be compromised by the proposed attack for speech recovery.

Wenbin Huang,Hanyuan Chen,Hangcheng Cao,Ju Ren,Hongbo Jiang,Zhangjie Fu,Yaoxue Zhang

DOI: https://doi.org/10.1109/TMC.2024.3401096

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Numerous mobile devices are equipped with voice assistants to facilitate contactless user-device interaction. However, the widespread availability of voice assistants also raises security and privacy concerns, as they can be maliciously triggered to perform voice eavesdropping. Although diverse attacks have been taken to manipulate voice assistants for eavesdropping, they exhibit deficiencies of limited attack scopes and conspicuous attack behaviors because they target specific voice assistants or require extra voice commands to activate them. To manipulate arbitrary voice assistants for covert eavesdropping attack, we conduct a comprehensive analysis of voice assistant implementation in the Android system and refine a universal workflow. Through meticulous analysis and experimental verification, we uncover an inherent vulnerability that in voice assistants across device types that can be awakened by an artificial faking Intent. Building on this significant discovery, we propose an attack termed VoiceEar. It leverages a malicious event generation file and a first-in-first-out Intent generation algorithm to trigger voice assistants within the normal workflow for eavesdropping, without voice commands. Finally, we deploy the VoiceEar attacks on 25 mainstream mobile devices, and invite 95 volunteers for eavesdropping activity perception testing. The results unequivocally demonstrate the seamless execution of VoiceEar attacks, with neither users nor devices awareness.

Weili Han,Chang Cao,Hao Chen,Dong Li,Zheran Fang,Wenyuan Xu,X. Sean Wang

DOI: https://doi.org/10.1109/tdsc.2017.2768536

2020-01-01

Abstract:Sensors are widely used in modern mobile devices (e.g., smartphones, watches) and may gather abundant information from environments as well as about users, e.g., photos, sounds and locations. The rich set of sensor data enables various applications (e.g., health monitoring) and personalized apps as well. However, the powerful sensing abilities provide opportunities for attackers to steal both personal sensitive data and commercial secrets like never before. Unfortunately, the current design of smart devices only provides a coarse access control on sensors and does not have the capability to audit sensing. We argue that knowing how often the sensors are accessed and how much sensor data are collected is the first-line defense against sensor data breach. Such an ability is yet to be designed. In this paper, we propose a framework that allows users to acquire sensor data usages. In particular, we leverage a hook-based track method to track sensor accesses. Thus, with no need to change the source codes of the Android system and applications, we can intercept sensing operations to graphic sensors, audio sensors, location sensors, and standard sensors, and audit them from four aspects: flow audit, frequency audit, duration audit and invoker audit. Then, we implement a prototype, referred to as senDroid, which visually shows the quantitative usages of these sensors in real time at a performance overhead of [0.04-8.05] percent. senDroid allows Android users to audit the applications even when they bypass the Android framework via JNI invocations or when the malicious codes are dynamically loaded from the server side. Our empirical study on 1,489 popular apps in three well-known Android app markets shows that 26.32 percent apps access sensors when the apps are launched, and 11.01 percent apps access sensors while the apps run in the background. Furthermore, we analyze the relevance between sensor usage patterns and third-party libraries, and reverse-engineering on suspicious third-party libraries shows that 77.27 percent apps access sensors via third-party libraries. Our results call attentions to address the users' privacy concerns caused by sensor access.

Yushi Cheng,Xiaoyu Ji,Wenyuan Xu,Hao Pan,Zhuangdi Zhu,Chuang-Wen You,Yi-Chao Chen,Lili Qiu

DOI: https://doi.org/10.1145/3321705.3329817

2019-01-01

Abstract:Mobile devices have emerged as the most popular platforms to access information. However, they have also become a major concern of privacy violation and previous researches have demonstrated various approaches to infer user privacy based on mobile devices. In this paper, we study a new side channel of a laptop that could be harvested by a commercial-off-the-shelf (COTS) mobile device, eg, a smartphone. We propose MagAttack, which exploits the electromagnetic (EM) side channel of a laptop to infer user activities, i.e., application launching and application operation. The key insight of MagAttack is that applications are discrepant in essence due to the different compositions of instructions, which can be reflected on the CPU power consumption, and thus the corresponding EM emissions. MagAttack is challenging since that EM signals are noisy due to the dynamics of applications and the limited sampling rate of the built-in magnetometers in COTS mobile devices. We overcome these challenges and convert noisy coarse-grained EM signals to robust fine-grained features. We implement MagAttack on both an iOS and an Android smartphone without any hardware modification, and evaluate its performance with 13 popular applications and 50 top websites in China. The results demonstrate that MagAttack can recognize aforementioned 13 applications with an average accuracy of 98.6%, and figure out the visiting operation among 50 websites with an average accuracy of 84.7%.

Zhuoyang Shi,Chaohao Li,Zizhi Jin,Weinong Sun,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/icpads53394.2021.00027

2021-01-01

Abstract:Due to the open nature of voice and voice interface, attackers can easily record the user's voice commands and spoof the voice recognition systems by replaying them. Existing voice replay attack detection methods mainly rely on extra hardware to determine the sound source or require excessively computing resources for training the classifier with a large number of acoustic features. Hence, we prop...

Ahmed Tanvir Mahdad,Cong Shi,Zhengkun Ye,Tianming Zhao,Yan Wang,Yingying Chen,Nitesh Saxena

DOI: https://doi.org/10.48550/arXiv.2212.12151

2022-12-23

Abstract:Eavesdropping from the user's smartphone is a well-known threat to the user's safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping. While more devastating attacks on ear speakers, which produce much smaller scale vibrations, were believed impossible to eavesdrop with zero-permission motion sensors. In this work, we revisit this important line of reach. We explore recent trends in smartphone manufacturers that include extra/powerful speakers in place of small ear speakers, and demonstrate the feasibility of using motion sensors to capture such tiny speech vibrations. We investigate the impacts of these new ear speakers on built-in motion sensors and examine the potential to elicit private speech information from the minute vibrations. Our designed system EarSpy can successfully detect word regions, time, and frequency domain features and generate a spectrogram for each word region. We train and test the extracted data using classical machine learning algorithms and convolutional neural networks. We found up to 98.66% accuracy in gender detection, 92.6% detection in speaker detection, and 56.42% detection in digit detection (which is 5X more significant than the random selection (10%)). Our result unveils the potential threat of eavesdropping on phone conversations from ear speakers using motion sensors.

Sound,Cryptography and Security,Audio and Speech Processing

Ilia Shumailov,Laurent Simon,Jeff Yan,Ross Anderson

DOI: https://doi.org/10.48550/arXiv.1903.11137

2019-03-26

Cryptography and Security

Abstract:We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of their touch-screen smartphone or tablet. When a user taps the screen with a finger, the tap generates a sound wave that propagates on the screen surface and in the air. We found the device's microphone(s) can recover this wave and "hear" the finger's touch, and the wave's distortions are characteristic of the tap's location on the screen. Hence, by recording audio through the built-in microphone(s), a malicious app can infer text as the user enters it on their device. We evaluate the effectiveness of the attack with 45 participants in a real-world environment on an Android tablet and an Android smartphone. For the tablet, we recover 61% of 200 4-digit PIN-codes within 20 attempts, even if the model is not trained with the victim's data. For the smartphone, we recover 9 words of size 7--13 letters with 50 attempts in a common side-channel attack benchmark. Our results suggest that it not always sufficient to rely on isolation mechanisms such as TrustZone to protect user input. We propose and discuss hardware, operating-system and application-level mechanisms to block this attack more effectively. Mobile devices may need a richer capability model, a more user-friendly notification system for sensor usage and a more thorough evaluation of the information leaked by the underlying hardware.

Lei Wang,Meng Chen,Li Lü,Zhongjie Ba,Feng Lin,Kui Ren

DOI: https://doi.org/10.1145/3580789

2023-01-01

Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies

Abstract:Recently, voice leakage gradually raises more significant concerns of users, due to its underlying sensitive and private information when providing intelligent services. Existing studies demonstrate the feasibility of applying learning-based solutions on built-in sensor measurements to recover voices. However, due to the privacy concerns, large-scale voices-sensor measurements samples for model training are not publicly available, leading to significant efforts in data collection for such an attack. In this paper, we propose a training-free and universal eavesdropping attack on built-in speakers, VoiceListener, which releases the data collection efforts and is able to adapt to various voices, platforms, and domains. In particular, VoiceListener develops an aliasing-corrected super resolution mechanism, including an aliasing-based pitch estimation and an aliasing-corrected voice recovering, to convert the undersampled narrow-band sensor measurements to wide-band voices. Extensive experiments demonstrate that our proposed VoiceListener could accurately recover the voices from undersampled sensor measurements and is robust to different voices, platforms and domains, realizing the universal eavesdropping attack.

Ming Gao,Yajie Liu,Yike Chen,Yimin Li,Zhongjie Ba,Xian Xu,Jinsong Han

DOI: https://doi.org/10.1109/infocom48880.2022.9796890

2022-01-01

Abstract:IMU-based eavesdropping has brought growing concerns over smartphone users’ privacy. In such attacks, adversaries utilize IMUs that require zero permissions for access to acquire speeches. A common countermeasure is to limit sampling rates (within 200 Hz) to reduce overlap of vocal fundamental bands (85-255 Hz) and inertial measurements (0-100 Hz). Nevertheless, we experimentally observe that IMUs sampling below 200 Hz still record adequate speech-related information because of aliasing distortions. Accordingly, we propose a practical side-channel attack, InertiEAR, to break the defense of sampling rate restriction on the zero-permission eavesdropping. It leverages IMUs to eavesdrop on both top and bottom speakers in smartphones. In the InertiEAR design, we exploit coherence between responses of the built-in accelerometer and gyroscope and their hardware diversity using a mathematical model. The coherence allows precise segmentation without manual assistance. We also mitigate the impact of hardware diversity and achieve better device-independent performance than existing approaches that have to massively increase training data from different smartphones for a scalable network model. These two advantages re-enable zero-permission attacks but also extend the attacking surface and endangering degree to off-the-shelf smartphones. InertiEAR achieves a recognition accuracy of 78.8% with a cross-device accuracy of up to 49.8% among 12 smartphones.

Chao Wang,Feng Lin,Tiantian Liu,Kaidi Zheng,Zhibo Wang,Zhengxiong Li,Ming-Chun Huang,Wenyao Xu,Kui Ren

DOI: https://doi.org/10.1145/3495243.3560543

2022-01-01

Abstract:Earpiece mode of smartphones is often used for confidential communication. In this paper, we proposed a remote(>2m) and motion-resilient attack on smartphone earpiece. We developed an end-to-end eavesdropping system mmEve based on a commercial mmWave sensor to recover speech emitted from smartphone earpiece. The rationale of the attack is based on our observation that, soundwaves emitted from the smartphone's earpiece have a strong correlation with reflected mmWaves from the smartphone's rear. However, we find the recovered speech suffers from the sensor's self-noise and smartphone user's motion which limit attack distance to less than 2m, causing limited threats in real world. We modeled the motion interference under mmWave sensing and proposed a motion-resilient solution by optimizing the fitting function on I/Q plane. To achieve a practical attack with reasonable attack distance, we developed a GAN-based denoising scheme to eliminate the noise pattern of the sensor, which boosted the attack range to 6--8m. We evaluated mmEve with extensive experiments and find 23 different models of smartphones manufactured by Samsung, Huawei, etc. can be compromised by the proposed attack.

Jiadi Yu,Li Lu,Yingying Chen,Yanmin Zhu,Linghe Kong

DOI: https://doi.org/10.1109/tmc.2019.2947468

IF: 6.075

2021-02-01

IEEE Transactions on Mobile Computing

Abstract:This paper demonstrates the feasibility of a side-channel attack to infer keystrokes on touch screen leveraging an off-the-shelf smartphone. Although there exist some studies on keystroke eavesdropping attacks on touch screen, they are mainly direct eavesdropping attacks, i.e., require the device of victims compromised to provide side-channel information for the adversary, which are hardly launched in practical scenarios. In this work, we show the practicability of an indirect eavesdropping attack, $KeyListener$<math>KeyListener</math>, which infers keystrokes on QWERTY keyboards of touch screen leveraging audio devices on a smartphone. We investigate the attenuation of acoustic signals, and find that a user's keystroke fingers can be localized through the attenuation of acoustic signals received by the microphones in the smartphone. We then utilize the attenuation of acoustic signals to localize each keystroke, and further analyze errors induced by ambient noises. To improve the accuracy of keystroke localization, $KeyListener$<math>KeyListener</math> further tracks finger movements during inputs through phase change and Doppler effect to reduce errors of acoustic signal attenuation-based keystroke localization. In addition, a -inary tree-based search approach is employed to infer keystrokes in a context-aware manner. The proposed keystroke eavesdropping attack is robust to various environments without the assistance of additional infrastructures. Extensive experiments demonstrate that the accuracy of keystroke inference in top-5 candidates can approach 90 percent with a top-5 error rate of around 6 percent, which is a strong indication of the possible user privacy leakage of inputs on QWERTY keyboard.

computer science, information systems,telecommunications

Zhongjie Ba,Tianhang Zheng,Xinyu Zhang,Zhan Qin,Baochun Li,Xue Liu,Kui Ren

DOI: https://doi.org/10.14722/ndss.2020.24076

2020-01-01

Abstract:Motion sensors on current smartphones have been exploited for audio eavesdropping due to their sensitivity to vibrations. However, this threat is considered low-risk because of two widely acknowledged limitations: First, unlike microphones, motion sensors can only pick up speech signals traveling through a solid medium. Thus, the only feasible setup reported previously is to use a smartphone gyroscope to eavesdrop on a loudspeaker placed on the same table. The second limitation comes from a common sense that these sensors can only pick up a narrow band (85-100Hz) of speech signals due to a sampling ceiling of 200Hz. In this paper, we revisit the threat of motion sensors to speech privacy and propose AccelEve, a new side-channel attack that employs a smartphone's accelerometer to eavesdrop on the speaker in the same smartphone. Specifically, it utilizes the accelerometer measurements to recognize the speech emitted by the speaker and to reconstruct the corresponding audio signals. In contrast to previous works, our setup allows the speech signals to always produce strong responses in accelerometer measurements through the shared motherboard, which successfully addresses the first limitation and allows this kind of attacks to penetrate into real-life scenarios. Regarding the sampling rate limitation, contrary to the widely-held belief, we observe up to 500Hz sampling rates in recent smartphones, which almost covers the entire fundamental frequency band (85-255Hz) of adult speech. On top of these pivotal observations, we propose a novel deep learning based system that learns to recognize and reconstruct speech information from the spectrogram representation of acceleration signals. This system employs adaptive optimization on deep neural networks with skip connections using robust and generalizable losses to achieve robust recognition and reconstruction performance. Extensive evaluations demonstrate the effectiveness and high accuracy of our attack under various settings.

Zhen Xiao,Tao Chen,Yang Liu,Jiao Li,Zhenjiang Li

DOI: https://doi.org/10.1109/tmc.2021.3137229

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:Mobile phones nowadays are equipped with at least dual microphones. We find when a user is typing on a phone, the sounds generated from the vibration caused by finger’s tapping on the screen surface can be captured by both microphones, and these recorded sounds alone are informative enough to localize the user’s keystrokes. This ability can be leveraged to enable useful application designs, while it also raises a crucial privacy risk that the private information typed by users on mobile phones has a great potential to be leaked through such a recognition ability. In this paper, we address two key design issues and demonstrate, more importantly alarm people, that this risk is possible, which could be related to many of us when we use our mobile phones. We implement our proposed techniques in a prototype system and conduct extensive experiments. The evaluation results indicate promising successful rates for more than 4000 keystrokes from different users on various types of mobile phones.

computer science, information systems,telecommunications