Capacitive Touchscreens at Risk: Recovering Handwritten Trajectory on Smartphone via Electromagnetic Emanations
It exposes a new side-channel vulnerability in capacitive touchscreens, enabling non-contact recovery of handwriting for security-critical applications like password inference.
This paper reveals that electromagnetic emanations from capacitive touchscreens can be exploited to recover handwritten trajectories, achieving 77% character recognition accuracy and a Jaccard index of 0.74 on commercial smartphones.
This paper reveals and exploits a critical security vulnerability: the electromagnetic (EM) side channel of capacitive touchscreens leaks sufficient information to recover fine-grained, continuous handwriting trajectories. We present Touchscreen Electromagnetic Side-channel Leakage Attack (TESLA), a non-contact attack framework that captures EM signals generated during on-screen writing and regresses them into two-dimensional (2D) handwriting trajectories in real time. Extensive evaluations across a variety of commercial off-the-shelf (COTS) smartphones show that TESLA achieves 77% character recognition accuracy and a Jaccard index of 0.74, demonstrating its capability to recover highly recognizable motion trajectories that closely resemble the original handwriting under realistic attack conditions.