Side-Channel Inference Attacks on Mobile Keypads using Smartwatches
This addresses a security vulnerability for smartwatch users, exposing privacy risks through side-channel attacks, but it is incremental as it builds on existing smartphone-based methods.
The paper tackles the problem of inferring key presses on mobile numeric touchpads by exploiting smartwatch motion sensors as a side-channel, achieving fairly accurate results comparable to smartphone-based attacks, with combined sensors yielding better accuracy.
Smartwatches enable many novel applications and are fast gaining popularity. However, the presence of a diverse set of on-board sensors provides an additional attack surface to malicious software and services on these devices. In this paper, we investigate the feasibility of key press inference attacks on handheld numeric touchpads by using smartwatch motion sensors as a side-channel. We consider different typing scenarios, and propose multiple attack approaches to exploit the characteristics of the observed wrist movements for inferring individual key presses. Experimental evaluation using commercial off-the-shelf smartwatches and smartphones show that key press inference using smartwatch motion sensors is not only fairly accurate, but also comparable with similar attacks using smartphone motion sensors. Additionally, hand movements captured by a combination of both smartwatch and smartphone motion sensors yields better inference accuracy than either device considered individually.