Skip to main content
SpringerLink
Log in

Open Sesame! Hacking the Password

  • Conference paper
Book cover Information Security Applications (WISA 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9503))

Included in the following conference series:

  • 1298 Accesses

Abstract

Wearable technology provides user friendly and customized services with multiple sensor data. However, user’s sensor data is very personal and sensitive information. If malicious user abuses this information, it would cause huge social problems. In this paper, we present a novel hacking method to identify the user’s password from wearable devices. We gathered three axis acceleration information from user’s wearable devices and estimated the user’s activity. After then we conducted post-processing to eliminate the impossible cases. This approach reduces the password complexity by 99.99 %.

This work was partly supported by Institute for Information & communications Technology Promotion(IITP) grant funded by the Korea government (MSIP) (No.10043907, Development of high performance IoT device and Open Platform with Intelligent Software) and the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the ITRC(Information Technology Research Center) support program (IITP-2015-H8501-15-1017) supervised by the IITP(Institute for Information & communications Technology Promotion).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Your ID number is not a password, November 2010. http://webb-site.com/articles/identity.asp

  2. Aviv, A.J., Sapp, B., Blaze, M., Smith, J.M.: Practicality of accelerometer side channels on smartphones. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 41–50. ACM (2012)

    Google Scholar 

  3. Chang, A.: Your door is about to get clever 5 smart locks compared, March 2013. http://www.wired.com/2013/06/smart-locks/

  4. Chowdhury, T., Aarabi, P., Zhou, W., Zhonglin, Y., Zou, K.: Extended touch mobile user interfaces through sensor fusion. In: 16th International Conference on Information Fusion (FUSION), pp. 623–629. IEEE (2013)

    Google Scholar 

  5. Heater, B.: Goji’s Smart Lock snaps pictures welcomes you by name, July 2013. http://www.engadget.com/2013/06/04/goji-smart-lock/

  6. Hoanca, B., Mock, K.J.: Screen oriented technique for reducing the incidence of shoulder surfing. In: Security and Management, pp. 334–340 (2005)

    Google Scholar 

  7. Kim, I.: Keypad against brute force attacks on smartphones. IET Inf. Secur. 6(2), 71–76 (2012)

    Article  Google Scholar 

  8. Lee, C.: System and method for secure data entry. US Patent App. 13/093,141, 25 April 2011

    Google Scholar 

  9. Marquardt, P., Verma, A., Carter, H., Traynor, P.: (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 551–562. ACM (2011)

    Google Scholar 

  10. McIntyre, K.E., Sheets, J.F., Gougeon, D.A.J., Watson, C.W., Morlang, K.P., Faoro, D.: Method for secure pin entry on touch screen display. US Patent 6,549,194, 15 April 2003

    Google Scholar 

  11. Michalevsky, Y., Boneh, D., Nakibly, G.: Gyrophone: Recognizing speech from gyroscope signals. In: Proceeding 23rd USENIX Security Symposium (SEC 2014). USENIX Association (2014)

    Google Scholar 

  12. Narain, S., Sanatinia, A., Noubir, G.: Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning. In: Proceedings of the ACM Conference on Security and Privacy in Wireless & Mobile Networks, pp. 201–212. ACM (2014)

    Google Scholar 

  13. Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: Accessory: password inference using accelerometers on smartphones. In: Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, p. 9. ACM (2012)

    Google Scholar 

  14. Shin, H.-S.: Device and method for inputting password using random keypad. US Patent 7,698,563, 13 April 2010

    Google Scholar 

  15. Simon, L., Anderson, R.: Pin skimmer: Inferring pins through the camera and microphone. In: Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pp. 67–78. ACM (2013)

    Google Scholar 

  16. Spreitzer, R.: Pin skimming: exploiting the ambient-light sensor in mobile devices. In: Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pp. 51–62. ACM (2014)

    Google Scholar 

  17. Xu, Z., Bai, K., Zhu, S.: Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In: Proceedings of the fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 113–124. ACM (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science and Engineering, Pusan National University, San-30, Jangjeon-Dong, Geumjeong-Gu, Busan, 609–735, Republic of Korea

    Hwajeong Seo, Gyuwon Seo, Taehwan Park, Jongseok Choi & Howon Kim

  2. Laboratory of Algorithmics, Cryptology and Security (LACS), University of Luxembourg, 6, rue R. Coudenhove-Kalergi, 1359, Luxembourg-kirchberg, Luxembourg

    Zhe Liu

Authors
  1. Hwajeong Seo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhe Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gyuwon Seo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Taehwan Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jongseok Choi
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Howon Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Howon Kim .

Editor information

Editors and Affiliations

  1. Pusan National University, Busan, Korea (Republic of)

    Ho-won Kim

  2. Electronics and Telecommunications Research Institute, Daejeon, Korea (Republic of)

    Dooho Choi

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Seo, H., Liu, Z., Seo, G., Park, T., Choi, J., Kim, H. (2016). Open Sesame! Hacking the Password. In: Kim, Hw., Choi, D. (eds) Information Security Applications. WISA 2015. Lecture Notes in Computer Science(), vol 9503. Springer, Cham. https://doi.org/10.1007/978-3-319-31875-2_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-31875-2_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31874-5

  • Online ISBN: 978-3-319-31875-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation