
Hearing your touch: A new acoustic side channel on smartphones - godelmachine
https://arxiv.org/abs/1903.11137
======
sytelus
Pretty cool paper: they train an LDA model to predict the password from the
sound of taps with 61% accuracy! This required a background app running on the
device with access to the microphone. The obvious extension is to predict the
password from a video clip of someone entering it!

~~~
nine_k
The front camera has very little chance to register any finger motion on
screen, though.

Adding accelerometer (tilt / shift) data could help a little bit, because it's
correlated to the motion of typing hands, too.

~~~
JeremyBanks
It helps quite a bit. The relevant web APIs were retroactively rate-limited
to mitigate these risks.

[https://bugs.chromium.org/p/chromium/issues/detail?id=421691](https://bugs.chromium.org/p/chromium/issues/detail?id=421691)

[https://arxiv.org/abs/1410.7746](https://arxiv.org/abs/1410.7746)

------
rjohnk
For PIN codes, would randomizing the placement of the keys on the virtual
10-key keyboard mitigate this?

~~~
azinman2
Yes, and it’d help with simple finger oil on screen analysis, but it’d make
for a frustrating ux.

~~~
plmpsu
LineageOS has this as an option.

It's actually not so bad UX-wise.

------
freen
Could be cool to combine with an accelerometer and have an accurate keyboard
with no moving parts and without multitouch. Could be quite rugged.

------
AtomicOrbital
Yet another reason why the mobile OS should (freeze / swap out / disable) an
app upon entering the background ... at a minimum the user needs to have more
control over the degree to which the above happens ... of course the powers
that be love a smartphone's current total lack of such privacy

------
inflatableDodo
I wonder how much accuracy you could get doing the same thing with the IMU.

~~~
moreati
> In controlled settings, our prediction model can on average classify the PIN
> entered 43% of the time and pattern 73% of the time within 5 attempts when
> selecting from a test set of 50 PINs and 50 patterns. In uncontrolled
> settings, while users are walking, our model can still classify 20% of the
> PINs and 40% of the patterns within 5 attempts.

[https://www.cs.swarthmore.edu/~aviv/papers/aviv-acsac12-acce...](https://www.cs.swarthmore.edu/~aviv/papers/aviv-acsac12-accel.pdf)

------
gdcohen
Brings a new meaning to touch typing.

