Emmanuel Owusu, Jun Han, Sauvik Das, Adrian Perrig, and Joy Zhang
Workshop on Mobile Computing Systems and Applications (HotMobile)
We show that accelerometer readings are a powerful side channel that can be used to extract entire sequences of entered text on a smartphone touchscreen keyboard. This possibility is a concern for two main reasons. First, unauthorized access to one’s keystrokes is a serious invasion of privacy as consumers increasingly use smartphones for sensitive transactions. Second, unlike many other sensors found on smartphones, the accelerometer does not require special privileges to access on current smartphone OSes. We show that accelerometer measurements can be used to extract 6-character passwords in as few as 4.5 trials (median).