How privacy leaks from bluetooth mouse?

Pan, Xian; Ling, Zhen; Pingley, Aniket; Yu, Wei; Zhang, Nan; Fu, Xinwen

doi:10.1145/2382196.2382309

Cited by 13 publications

(5 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our attack model is easy to launch, as it only requires the user's hand movement patterns to attack the targeted authentication systems. As shown in several prior studies [14,28,38,52], Bluetooth-or WiFi-enabled wearable devices (e.g., smartwatches and wristbands) have become the targets of attacks, and various personal private information (e.g., motion data) has suffered from the increasing risks of leakage and disclosure. In this study, it is assumed that the attacker can gain access to the legitimate user's hand movement patterns by compromising the user's wearable devices.…”

Section: Output: Mimicked Eeg Features a Mimicmentioning

confidence: 99%

Thinking Unveiled

et al. 2020

View full text Add to dashboard Cite

Very few studies have explored linkages between physiological, such as electroencephalograph (EEG), and behavioral patterns, such as wrist movements. These linkages provide us a unique mechanism to predict one set of patterns from other related patterns. Unlike conventional biometrics, EEG biometrics are hard to spoof using standard presentation attack methods, given the intrinsic liveness resulting from the bounded randomness of EEG signals specific to an individual. In this article, we propose a novel attack on the EEG-based authentication systems by investigating and leveraging the strong correlation between hand movements and brain signals captured through the motion sensors on a smartwatch and the wearable EEG headset, respectively. Based on this technique, we can successfully estimate the user's EEG signals from the stolen hand movement data while the user was typing on the keyboard. Our attack results on the EEG biometric authentication system show an increase in the mean equal error rates of the classifiers by between 180% and 360% based on a dataset of 59 users. In summary, our pilot study calls for a rethinking of EEG-based authentication mechanisms from the perspective of unique vulnerabilities, particularly for multimodal biometric systems involving a variety of wearable or mobile devices.

show abstract

Section: Output: Mimicked Eeg Features a Mimicmentioning

confidence: 99%

Thinking Unveiled

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Spoofing Attack. An adversary can launch spoofing attacks by mimicking a user's mobile device and build connections to the user's wearable devices using the adversary's mobile device [15]. If success, the adversary could use his own mobile device to directly access the sensor data from the target user's wearable devices.…”

Section: B Threat Modelsmentioning

confidence: 99%

WristSpy: Snooping Passcodes in Mobile Payment Using Wrist-worn Wearables

Wang

Liu

Guo

et al. 2019

IEEE INFOCOM 2019 - IEEE Conference on Computer Communications

View full text Add to dashboard Cite

Mobile payment has drawn considerable attention due to its convenience of paying via personal mobile devices at anytime and anywhere, and passcodes (i.e., PINs or patterns) are the first choice of most consumers to authorize the payment. This paper demonstrates a serious security breach and aims to raise the awareness of the public that the passcodes for authorizing transactions in mobile payments can be leaked by exploiting the embedded sensors in wearable devices (e.g., smartwatches). We present a passcode inference system, WristSpy, which examines to what extent the user's PIN/pattern during the mobile payment could be revealed from a single wrist-worn wearable device under different passcode input scenarios involving either two hands or a single hand. In particular, WristSpy has the capability to accurately reconstruct fine-grained hand movement trajectories and infer PINs/patterns when mobile and wearable devices are on two hands through building a Euclidean distance-based model and developing a training-free parallel PIN/pattern inference algorithm. When both devices are on the same single hand, a highly challenging case, WristSpy extracts multi-dimensional features by capturing the dynamics of minute hand vibrations and performs machine-learning based classification to identify PIN entries. Extensive experiments with 15 volunteers and 1600 passcode inputs demonstrate that an adversary is able to recover a user's PIN/pattern with up to 92% success rate within 5 tries under various input scenarios.

show abstract

“…Wang et al showed that the sensors embedded in wrist-worn wearable devices, such as smartwatches and ftness trackers, can be utilized to discriminate mm-level distances of the user's fne-grained hand movements during the key-entry activities [6]. Pan et al showed that it is possible to recover password input with a Bluetooth mouse and an on-screen keyboard by capturing Bluetooth communication packets [7]. It was further reported in [8,9] that adversaries can obtain the readings of sensors in wearable devices via snifng Bluetooth communications and analyzing the data packets.…”

Section: Introductionmentioning

confidence: 99%

Deception Attacks against Android-Based Smart Bracelets

gao

Xie

2023

Security and Communication Networks

View full text Add to dashboard Cite

The rapid development of the intelligent equipment industry has promoted the emergence of a series of emerging industries, effectively improving the technical level of society and people’s quality of life. Due to the inherent characteristics of smart devices, smart devices face serious privacy disclosure risks. Therefore, we have studied the security problem of the widely used smart device smart bracelet in this paper. We have adopted the attack method from easy to difficult to obtain the reading and writing instructions and timing characteristics of the intelligent devices to attack and steal private information. Specifically, we first attack through the strategy of log analysis; if this method is unable to obtain effective information, then we further acquire sensitive information on the basis of hook technology; and if the method on the basis of hook technology is still unable to obtain relevant information, then we will further use reverse engineering to conduct reverse analysis on the app to obtain sensitive information. Second, we develop a fake app on the basis of sensitive information and use it as a bridge to attack intelligent devices. In order to verify the effectiveness of the method, we successfully attacked and stole information from three popular business intelligence bracelets of different brands on the basis of the proposed method. The first step is to develop a fake app on the basis of the identified vulnerabilities. This app can bypass the protection measures of confusion and forced pairing and resetting to cheat the smart bracelet and can successfully enable or disable the jitters function remotely to modify the time and to obtain the sensitive data of the smart bracelet owner. In our attack process, we do not need the cooperation of the owner of the smart bracelet, nor do we need the target smart bracelet to match with our app.

show abstract

How privacy leaks from bluetooth mouse?

Cited by 13 publications

References 0 publications

Thinking Unveiled

Thinking Unveiled

WristSpy: Snooping Passcodes in Mobile Payment Using Wrist-worn Wearables

Deception Attacks against Android-Based Smart Bracelets

Contact Info

Product

Resources

About