Blind Recognition of Touched Keys on Mobile Devices. Yue, Q., Ling, Z., Fu, X., Liu, B., Ren, K., & Zhao, W. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), pages 1403-1414, 2014.
Blind Recognition of Touched Keys on Mobile Devices [link]Website  abstract   bibtex   
In this paper, we introduce a novel computer vision based attack that automatically discloses inputs on a touch-enabled device while the attacker cannot see any text or popup in a video of the victim tapping on the touch screen. We carefully analyze the shadow formation around the fingertip, apply the optical flow, deformable part-based model (DPM), k-means clustering and other computer vision techniques to automatically locate the touched points. Planar homography is then applied to map the estimated touched points to a reference image of software keyboard keys. Recognition of passwords is extremely challenging given that no language model can be applied to correct estimated touched keys. Our threat model is that a webcam, smartphone or Google Glass is used for stealthy attack in scenarios such as conferences and similar gathering places. We address both cases of tapping with one finger and tapping with multiple fingers and two hands. Extensive experiments were performed to demonstrate the impact of this attack. The per-character (or per-digit) success rate is over 97% while the success rate of recognizing 4-character passcodes is more than 90%. Our work is the first to automatically and blindly recognize random passwords (or passcodes) typed on the touch screen of mobile devices with a very high success rate.
@inProceedings{
 title = {Blind Recognition of Touched Keys on Mobile Devices},
 type = {inProceedings},
 year = {2014},
 identifiers = {[object Object]},
 keywords = {attacks,keylogging,privacy,smartphone,vision},
 pages = {1403-1414},
 websites = {http://doi.acm.org/10.1145/2660267.2660288},
 id = {bd528bfa-402c-35ad-badf-d3170a5e0427},
 created = {2018-07-12T21:32:24.002Z},
 file_attached = {false},
 profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
 group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
 last_modified = {2018-07-12T21:32:24.002Z},
 read = {false},
 starred = {false},
 authored = {false},
 confirmed = {true},
 hidden = {false},
 citation_key = {yue:touchscreen-attack14},
 source_type = {inproceedings},
 private_publication = {false},
 abstract = {In this paper, we introduce a novel computer vision based attack that automatically discloses inputs on a touch-enabled device while the attacker cannot see any text or popup in a video of the victim tapping on the touch screen. We carefully analyze the shadow formation around the fingertip, apply the optical flow, deformable part-based model (DPM), k-means clustering and other computer vision techniques to automatically locate the touched points. Planar homography is then applied to map the estimated touched points to a reference image of software keyboard keys. Recognition of passwords is extremely challenging given that no language model can be applied to correct estimated touched keys. Our threat model is that a webcam, smartphone or Google Glass is used for stealthy attack in scenarios such as conferences and similar gathering places. We address both cases of tapping with one finger and tapping with multiple fingers and two hands. Extensive experiments were performed to demonstrate the impact of this attack. The per-character (or per-digit) success rate is over 97% while the success rate of recognizing 4-character passcodes is more than 90%. Our work is the first to automatically and blindly recognize random passwords (or passcodes) typed on the touch screen of mobile devices with a very high success rate.},
 bibtype = {inProceedings},
 author = {Yue, Qinggang and Ling, Zhen and Fu, Xinwen and Liu, Benyuan and Ren, Kui and Zhao, Wei},
 booktitle = {Proceedings of the ACM Conference on Computer and Communications Security (CCS)}
}

Downloads: 0