Side-Channel Inference Attacks on Mobile Keypads using Smartwatches

TL;DR

This paper demonstrates that smartwatch motion sensors can effectively infer numeric keypad presses on smartphones, revealing a significant security vulnerability through side-channel attacks.

Contribution

It introduces novel attack methods exploiting smartwatch sensors for key press inference and compares their effectiveness with smartphone sensors.

Findings

Smartwatch sensors can accurately infer keypad presses.

Combining smartwatch and smartphone sensors improves inference accuracy.

The attack is feasible with commercial off-the-shelf devices.

Abstract

Smartwatches enable many novel applications and are fast gaining popularity. However, the presence of a diverse set of on-board sensors provides an additional attack surface to malicious software and services on these devices. In this paper, we investigate the feasibility of key press inference attacks on handheld numeric touchpads by using smartwatch motion sensors as a side-channel. We consider different typing scenarios, and propose multiple attack approaches to exploit the characteristics of the observed wrist movements for inferring individual key presses. Experimental evaluation using commercial off-the-shelf smartwatches and smartphones show that key press inference using smartwatch motion sensors is not only fairly accurate, but also comparable with similar attacks using smartphone motion sensors. Additionally, hand movements captured by a combination of both smartwatch and smartphone motion sensors yields better inference accuracy than either device considered individually.