PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices

Raphael Spreitzer

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem Konferenzband

Abstract

The pervasive usage of mobile devices, i.e., smartphones and tablet computers, and their vast amount of sensors represent a plethora of side channels posing a serious threat to the user's privacy and security. In this paper, we propose a new type of side channel which is based on the ambient-light sensor employed in today's mobile devices. While recent advances in this area of research focused on the employed motion sensors and the camera as well as the sound, we investigate a less obvious source of information leakage, namely the ambient light. We successfully demonstrate that minor tilts and turns of mobile devices cause variations of the ambient-light sensor information. Furthermore, we show that these variations leak enough information to infer a user's personal identification number (PIN) input based on a set of known PINs. Our results clearly show that we are able to determine the correct PIN---out of a set of 50 random PINs---within the first ten guesses about 80% of the time. In contrast, the chance of finding the right PIN by randomly guessing ten PINs would be 20%. Since the data required to perform such an attack can be gathered without any specific permissions or privileges, the presented attack seriously jeopardizes the security and privacy of mobile-device owners.
Originalspracheenglisch
Titel4th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM)
Herausgeber (Verlag)Association of Computing Machinery
Seiten51-62
DOIs
PublikationsstatusVeröffentlicht - 2014
VeranstaltungAnnual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices - Scottsdale, Arizona, USA / Vereinigte Staaten
Dauer: 7 Nov 20147 Nov 2014

Konferenz

KonferenzAnnual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices
LandUSA / Vereinigte Staaten
OrtScottsdale, Arizona
Zeitraum7/11/147/11/14

Fields of Expertise

  • Information, Communication & Computing

Treatment code (Nähere Zuordnung)

  • Application

Fingerprint

Untersuchen Sie die Forschungsthemen von „PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren