【Android论文栏目提醒】:网学会员--在 Android论文编辑为广大网友搜集整理了:android传感器破解密码论文_en - 开发文档绩等信息,祝愿广大网友取得需要的信息,参考学习。
TouchLogger:InferringKeystrokesOnTouchScreenFromSmartphoneMotionAbstractAttacksthatusesidechannelssuchassoundandelec-tromagneticemanationtoinferkeystrokesonphysicalkeyboardsareineffectiveonsmartphoneswithoutphysi-calkeyboards.Wedescribeanewsidechannelmotionontouchscreensmartphoneswithonlysoftkeyboards.Sincetypingondifferentlocationsonthescreencausesdifferentvibrationsmotiondatacanbeusedtoinferthekeysbeingtyped.Todemonstratethisattackwedevel-opedTouchLoggeranAndroidapplicationthatextractsfeaturesfromdeviceorientationdatatoinferkeystrokes.TouchLoggercorrectlyinferredmorethan70ofthekeystypedonanumber-onlysoftkeyboardonasmart-phone.Wehopetoraisetheawarenessofmotionasasignicantsidechannelthatmayleakcondentialdata.1IntroductionKeyboardisthemostcommoninputdevice.Weusekey-boardtoinputavarietyofinformationsomeofwhicharehighlyvaluablesuchaspasswordsPINssocialse-curitynumbersandcreditcardnumbers.Itcameasnosurprisethatkeystrokeloggingisafavoritetooloftradebyattackers.TheattackercaninstallaTrojanprogramonthevictimcomputertologkeystrokesoruseoutofbandchannelstoinferkeystrokes.Acoustickeyloggerforexamplecaninferkeystroksfromacousticfrequencysignatures2timingsbetweentwokeystroks4orlan-guagemodels11.Electromaganeticemanationsofkey-boardsarealsostudiedforkeylogging8.Touchscreensmartphoneshavechangedtheparadigmofuserinteraction.Mosttouchscreensmartphoneshavenophysicalkeyboard.Insteadtheusertypesonthesoft-warekeyboardonthescreen.Sincethereisneithersoundnorelectromagneticemanationfromavirtualkeyboardtheattackercannolongerinferkeystrokesbasedonthesesignals.MoreovermanysmartphoneoperatingsystemssuchasAndroidandiOSrestrictsprivilegesgrantedtoapplications.Inmostcasesanapplicationcannotreadkeystrokesunlessitisactiveandreceivesthefocusonthescreen.Itseemsthatkeyloggersatleastthetradi-tionalonesdescribedabovearefacingsevereobstaclesontouchscreensmartphones.Weinvestigateanewavenueforkeystrokeloggingontouchscreensmartphones.Mostofthesephonesareequippedwithavarietyofsensorsfordetectingsoundimagelocationandmotion.Ourinsightisthatmotionsensorssuchasaccelerometersandgyroscopesmaybeusedtoinferkeystrokes.Whentheusertypesonthesoftkeyboardonhersmartphoneespeciallywhensheholdsherphonebyhandratherthanplacingitonaxedsur-facethephonevibrates.Wediscoverthatkeystrokevi-brationontouchscreensarehighlycorrelatedtothekeysbeingtyped.Inourpreliminaryevaluationwewereabletoinfercorrectlymorethan70ofthekeystypedonanumber-onlysoftkeyboardonasmartphone.1.1ThreatmodelCurrentlytoreadfromthemotionsensorsthekeyloggingapplicationneedstobeinstalledonthevictimsmartphone.Giventheincreasingnumberofmalwareapplicationsonthesmartphonemarket5andthepreva-lenceofuntrustedthird-partyadcodeincorporatedinap-plicationswedonotbelievethatthisassumptionisover-optimistic.Alsotheuserneedstograntthekeyloggingapplicationtheprivilegetoreadfrommotionsensors.Webelievethatmostuserswouldhavenoqualmofgrantingthisprivilegeasitseemsmuchlessriskythanothersen-sorprivilegessuchasthemicrophoneorcamera.Theassumptionthatmostuserswouldnottreatmotiondataashighsensitiveisnotjustourwishfulthinking.W3ChasrecentlypublishedDeviceOrientationEventSpecication6toallo