Periscope: A Keystroke Inference Attack Using Human Coupled Electromagnetic Emanations

Jin, Wenqiang; Murali, Srinivasan; Zhu, Huadi; Li, Ming

doi:10.1145/3460120.3484549

Cited by 12 publications

(9 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Acoustic Keystroke Inference Attacks. Keystroke inference attacks have been conducted through side channels such as network traffic [63], videos [56], [11], electromagnetic signals [26], device motion [64], [37], [33], and ambient light variation [55]. Acoustic attacks are practical due to their stealthiness and easy access to sound signals.…”

Section: Related Workmentioning

confidence: 99%

Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality

Luo,

Nguyen,

Farooq

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Understanding the vulnerability of virtual reality (VR) is crucial for protecting sensitive data and building user trust in VR ecosystems. Previous attacks have demonstrated the feasibility of inferring VR keystrokes inside head-mounted displays (HMDs) by recording side-channel signals generated during user-HMD interactions. However, these attacks are heavily constrained by the physical layout or victim pose in the attack scenario since the recording device must be strictly positioned and oriented in a particular way with respect to the victim. In this paper, we unveil a placement-flexible keystroke inference attack in VR by eavesdropping the clicking sounds of the moving hand controller during keystrokes. The malicious recording smartphone can be placed anywhere surrounding the victim, making the attack more flexible and practical to deploy in VR environments. As the first acoustic attack in VR, our system, Heimdall, overcomes unique challenges unaddressed by previous acoustic attacks on physical keyboards and touchscreens. These challenges include differentiating sounds in a 3D space, adaptive mapping between keystroke sound and key in varying recording placement, and handling occasional hand rotations. Experiments with 30 participants show that Heimdall achieves key inference accuracy of 96.51% and top-5 accuracy of 85.14%-91.22% for inferring passwords with 4-8 characters. Heimdall is also robust under various practical impacts such as smartphone-user placement, attack environments, hardware models, and victim conditions.

show abstract

Section: Related Workmentioning

confidence: 99%

Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality

Luo,

Nguyen,

Farooq

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Prior work uses side-channels such as electromagnetic emanations [24], [60], reflections [7], smartphone accelerometers [37], [45], timing [58], and performance counters [67] to infer keystrokes on personal computers and mobile devices.…”

Section: Related Work a Keystroke Side-channel Attacksmentioning

confidence: 99%

Acoustic Keystroke Leakage on Smart Televisions

Kannan,

Wang,

Sunog

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Smart Televisions (TVs) are internet-connected TVs that support video streaming applications and web browsers. Users enter information into Smart TVs through on-screen virtual keyboards. These keyboards require users to navigate between keys with directional commands from a remote controller. Given the extensive functionality of Smart TVs, users type sensitive information (e.g., passwords) into these devices, making keystroke privacy necessary. This work develops and demonstrates a new side-channel attack that exposes keystrokes from the audio of two popular Smart TVs: Apple and Samsung. This side-channel attack exploits how Smart TVs make different sounds when selecting a key, moving the cursor, and deleting a character. These properties allow an attacker to extract the number of cursor movements between selections from the TV's audio. Our attack uses this extracted information to identify the likeliest typed strings. Against realistic users, the attack finds up to 33.33% of credit card details and 60.19% of common passwords within 100 guesses. This vulnerability has been acknowledged by Samsung and highlights how Smart TVs must better protect sensitive data.

show abstract

“…One may consider keyboard randomization [34] as an indirect defense strategy, where a randomly keyboard layout is generated whenever a user attempts to enter password. By shifting the trouble to user side, this strategy, as indicated by [31], forces users to pay more effort when searching for keys on random keyboards, especially affects those used to relying on muscle memory to enter passwords without much visual aid.…”

Section: Defense Strategiesmentioning

confidence: 99%

“…Vuagnoux et al [60] propose to eavesdrop on keystrokes from wired and wireless keyboards by capturing electromagnetic emissions during their communications. A later work Periscope [31] extends this idea to a broader range of mobile devices by exploiting human-coupled emission from touchscreens to estimate finger movement trajectories and infer numerical passwords. Vulnerabilities in USB data transfers have also been exploited for password-stealing [44] and malicious command execution [58].…”

Section: Related Workmentioning

confidence: 99%

“…Bearing no need to have a visual on the target screen, the indirect attacks often incur a much higher risk as they leverage side-channels to infer passwords in a stealthy manner. Typical side-channels considered by prior works include acoustic [36,73], electromagnetic emission [31], indirect vision [11,53,57,69], and motion sensors [9,37,43]. Though they have demonstrated successes for particular scenarios, these successes often rely on strong assumptions [34], including i) eavesdropping devices are in proximity to the victim device (e.g., in centimeter scale or within line-of-sight region) [11,31,36,37,43,53], ii) rogue software have been implanted to the victim device [9,37,73], and iii) the content to eavesdrop has linguistic structure [2,37,43,69].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Password-Stealing without Hacking: Wi-Fi Enabled Practical Keystroke Eavesdropping

Hu,

Wang,

Zheng

et al. 2023

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

The contact-free sensing nature of Wi-Fi has been leveraged to achieve privacy breaches, yet existing attacks relying on Wi-Fi CSI (channel state information) demand hacking Wi-Fi hardware to obtain desired CSIs. Since such hacking has proven prohibitively hard due to compact hardware, its feasibility in keeping up with fast-developing Wi-Fi technology becomes very questionable. To this end, we propose WiKI-Eve to eavesdrop keystrokes on smartphones without the need for hacking. WiKI-Eve exploits a new feature, BFI (beamforming feedback information), offered by latest Wi-Fi hardware: since BFI is transmitted from a smartphone to an AP in clear-text, it can be overheard (hence eavesdropped) by any other Wi-Fi devices switching to monitor mode. As existing keystroke inference methods offer very limited generalizability, WiKI-Eve further innovates in an adversarial learning scheme to enable its inference generalizable towards unseen scenarios. We implement WiKI-Eve and conduct extensive evaluation on it; the results demonstrate that WiKI-Eve achieves 88.9% inference accuracy for individual keystrokes and up to 65.8% top-10 accuracy for stealing passwords of mobile applications (e.g., WeChat).

show abstract

Periscope: A Keystroke Inference Attack Using Human Coupled Electromagnetic Emanations

Cited by 12 publications

References 45 publications

Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality

Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality

Acoustic Keystroke Leakage on Smart Televisions

Password-Stealing without Hacking: Wi-Fi Enabled Practical Keystroke Eavesdropping

Contact Info

Product

Resources

About