| Smartphones have become a necessity in modern life due to their powerful func-tions and portability. People carry the tiny devices everywhere for daily activities, such as online chatting, social networking, and internet surfing. People type a lot when us-ing the device, inevitably, their inputs are sensitive and valuable for attackers, such as chat logs, email contents, and passwords. Android’s security mechanisms as well as developers’careful design make it hard for attackers to steal the inputs. For example, malwares can not get inputs on the soft keyboard due to Android’s sandboxing. Mal-wares also need to request permissions for sensitive information such as SMS messages, due to the permission mechanisms. Developers will also encrypt some other data such as chat logs and passwords. So that even attacker get the data, they do not get the orig-inal text. Based on the above points, we have to bypass those security restrictions for stealing the user inputs.Researchers have found that tap locations on screen can be roughly inferred from motion data of the device, which we can utilize for stealing user inputs. Today’s smart-phones are equipped with precise motion sensors like accelerometer and gyroscope. They can measure tiny motion and rotation of devices and return the motion data. In most cases, motion sensors are used in the action games and fitness applications. For example in some racing games, users control the travlling direction by tilting the de-vices. Generally, the use of motion data does not cause the user privacy leak. Third party applications can access the sensor readings without requiring explicit permissions on major mobile platforms. However the findings of researchers make the sensors a side-channel for inferring user inputs. They mostly utilized this side-channel for infer-ring short input like PIN numbers and passwords, while other long inputs like chat logs also contain sensitive information about the users. The main target of our work is to steal those long inputs.Long inputs appears much more than the short inputs, so the overhead for the raw data collection and analysis cannot be underestimated. To make our attack practical, we utilize the shared memory side-channel for detecting window events of the soft key-board. We only collect raw data when the keyboard is on. Since users’time of using the keyboard is much less than that of using target applications, it is more practical than monitoring the target applications for collection in our case. The shared memory side-channel can also be used for tap events detection, so that we can get the start and end of the taps. After we extract features of the data, we use machine learning algorithms to predict the input text, the output text is ambiguous and hard to read. We utilize language models to further correct the wrong predictions into readable sentences. We performed experiments on two reallife scenarios, which were writing emails and posting Twitter messages. Based on the experiments, we show the feasibility of inferring long user inputs to readable sentences with general idea. |
PDF Full Text Request