Research On Smartphone Attack Method Based On Keystroke Detection

The extensive coverage of mobile communication and Wi Fi networks has greatly promoted the development of mobile terminals represented by smartphones.At present,smartphones bring great convenience to people's lives with an intuitive user interface,efficient processing capabilities and rich and colorful applications.But at the same time,the large amount of private and sensitive data stored on the device makes it the primary target of the attacker.Since the traditional smartphone attack method is mainly implemented based on the way of interacting with the user,it loses the effect along with the corresponding abnormal behavior detection method,thereby reducing the user's awareness of security.Therefore,it is of great significance to study a new type of smartphone attack method.Based on the analysis of traditional smartphone attack methods,this paper studies the keystroke privacy security issues in the two major smartphone business,and proposes two new smartphone attack methods that do not interact with users and are based on keystroke detection,and the feasibility of the attack is verified in the real environment.The main research contents and contributions of this thesis are as follows:(1)For the mobile payment service of smartphones,a smartphone keystroke detection method based on Channel State Information(CSI)is proposed.First,the CSI data of the user's keystroke is extracted by the characteristics of the Wi Fi signal fluctuation caused by the user performing the keystroke payment on the smartphone.Next,these CSI data are pre-processed,including Hampel outlier discrimination,Butterworth low pass filter,and Principal Component Analysis(PCA)processing.Then,a dual judgment algorithm based on environmental threshold is proposed to detect and extract the waveform of each keystroke.Finally,an improved k-Nearest Neighbor(k NN)classification algorithm based on Dynamic Time Warping(DTW)is proposed to classify each key waveform and identify the user's keystroke content.By attacking the smartphones' We Chat pay,the method can achieve an average keystroke extraction accuracy of 80.45% and an average keystroke recognition accuracy of 74.24%.(2)For the mobile call service of smartphones,a smartphone keystroke detection method based on Dual Tone Multi Frequency(DTMF)signal is proposed.First,the attacker uses a smartphone to record the keystroke when the victim makes a call and uploads the recording to the cloud server.Next,these recorded data are denoised and framed and windowed.Then,a double threshold endpoint detection algorithm based on short-term energy and zero-crossing rate is used to detect and extract the DTMF signal generated by the keystroke.Finally,the Goertzel classification algorithm is used to classify the DTMF signals of each keystroke to identify the user's keystroke content.By attacking the smartphones' dial keypad,the method can crack more than 80% of the keystroke data under the condition of 10 db signal-to-noise ratio and no interaction with the user's smartphone.