PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices

In this paper, we propose a new type of side channel which is based on the ambient-light sensor employed in today's mobile devices. The pervasive usage of mobile devices, i.e., smartphones and tablet computers and their vast amount of sensors represent a plethora of side channels posing a serious threat to the user's privacy and security. While recent advances in this area of research focused on the employed motion sensors and the camera as well as the sound, we investigate a less obvious source of information leakage, namely the ambient light. We successfully demonstrate that minor tilts and turns of mobile devices cause variations of the ambient-light sensor information. Thus, we are the first to show that this sensor leaks sensitive information. Furthermore, we demonstrate that these variations leak enough information to infer a user's personal identification number (PIN) input based on a set of known PINs. Our results show that we are able to determine the correct PIN---out of a set of 50 random PINs---within the first ten guesses about 80% of the time. In contrast, the chance of finding the right PIN by randomly guessing ten PINs would be 20%. Since the data required to perform such an attack can be gathered without any specific permissions or privileges, the presented side channel seriously jeopardizes the security and privacy of mobile-device owners.