TapLogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors

Zhi Xu, Kun Bai, Sencun Zhu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

192 Scopus citations

Abstract

Today's smartphones are shipped with various embedded motion sensors, such as the accelerometer, gyroscope, and orientation sensors. These motion sensors are useful in supporting the mobile UI innovation and motion-based commands. However, they also bring potential risks of leaking user's private information as they allow third party applications to monitor the motion changes of smartphones. In this paper, we study the feasibility of inferring a user's tap inputs to a smartphone with its integrated motion sensors. Specifically, we utilize an installed trojan application to stealthily monitor the movement and gesture changes of a smartphone using its on-board motion sensors. When the user is interacting with the trojan application, it learns the motion change patterns of tap events. Later, when the user is performing sensitive inputs, such as entering passwords on the touchscreen, the trojan application applies the learnt pattern to infer the occurrence of tap events on the touchscreen as well as the tapped positions on the touchscreen. For demonstration, we present the design and implementation of TapLogger, a trojan application for the Android platform, which stealthily logs the password of screen lock and the numbers entered during a phone call (e.g., credit card and PIN numbers). Statistical results are presented to show the feasibility of such inferences and attacks.

Original languageEnglish (US)
Title of host publicationWiSec'12 - Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks
Pages113-124
Number of pages12
DOIs
StatePublished - May 11 2012
Event5th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec'12 - Tucson, AZ, United States
Duration: Apr 16 2012Apr 18 2012

Publication series

NameWiSec'12 - Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Other

Other5th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec'12
CountryUnited States
CityTucson, AZ
Period4/16/124/18/12

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications

Cite this

Xu, Z., Bai, K., & Zhu, S. (2012). TapLogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In WiSec'12 - Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks (pp. 113-124). (WiSec'12 - Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks). https://doi.org/10.1145/2185448.2185465