Abstract
Wearable technology provides user friendly and customized services with multiple sensor data. However, user’s sensor data is very personal and sensitive information. If malicious user abuses this information, it would cause huge social problems. In this paper, we present a novel hacking method to identify the user’s password from wearable devices. We gathered three axis acceleration information from user’s wearable devices and estimated the user’s activity. After then we conducted post-processing to eliminate the impossible cases. This approach reduces the password complexity by 99.99 %.
This work was partly supported by Institute for Information & communications Technology Promotion(IITP) grant funded by the Korea government (MSIP) (No.10043907, Development of high performance IoT device and Open Platform with Intelligent Software) and the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the ITRC(Information Technology Research Center) support program (IITP-2015-H8501-15-1017) supervised by the IITP(Institute for Information & communications Technology Promotion).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Your ID number is not a password, November 2010. http://webb-site.com/articles/identity.asp
Aviv, A.J., Sapp, B., Blaze, M., Smith, J.M.: Practicality of accelerometer side channels on smartphones. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 41–50. ACM (2012)
Chang, A.: Your door is about to get clever 5 smart locks compared, March 2013. http://www.wired.com/2013/06/smart-locks/
Chowdhury, T., Aarabi, P., Zhou, W., Zhonglin, Y., Zou, K.: Extended touch mobile user interfaces through sensor fusion. In: 16th International Conference on Information Fusion (FUSION), pp. 623–629. IEEE (2013)
Heater, B.: Goji’s Smart Lock snaps pictures welcomes you by name, July 2013. http://www.engadget.com/2013/06/04/goji-smart-lock/
Hoanca, B., Mock, K.J.: Screen oriented technique for reducing the incidence of shoulder surfing. In: Security and Management, pp. 334–340 (2005)
Kim, I.: Keypad against brute force attacks on smartphones. IET Inf. Secur. 6(2), 71–76 (2012)
Lee, C.: System and method for secure data entry. US Patent App. 13/093,141, 25 April 2011
Marquardt, P., Verma, A., Carter, H., Traynor, P.: (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 551–562. ACM (2011)
McIntyre, K.E., Sheets, J.F., Gougeon, D.A.J., Watson, C.W., Morlang, K.P., Faoro, D.: Method for secure pin entry on touch screen display. US Patent 6,549,194, 15 April 2003
Michalevsky, Y., Boneh, D., Nakibly, G.: Gyrophone: Recognizing speech from gyroscope signals. In: Proceeding 23rd USENIX Security Symposium (SEC 2014). USENIX Association (2014)
Narain, S., Sanatinia, A., Noubir, G.: Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning. In: Proceedings of the ACM Conference on Security and Privacy in Wireless & Mobile Networks, pp. 201–212. ACM (2014)
Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: Accessory: password inference using accelerometers on smartphones. In: Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, p. 9. ACM (2012)
Shin, H.-S.: Device and method for inputting password using random keypad. US Patent 7,698,563, 13 April 2010
Simon, L., Anderson, R.: Pin skimmer: Inferring pins through the camera and microphone. In: Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pp. 67–78. ACM (2013)
Spreitzer, R.: Pin skimming: exploiting the ambient-light sensor in mobile devices. In: Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pp. 51–62. ACM (2014)
Xu, Z., Bai, K., Zhu, S.: Taplogger: Inferring user inputs on smartphone touchscreens using on-board motion sensors. In: Proceedings of the fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 113–124. ACM (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Seo, H., Liu, Z., Seo, G., Park, T., Choi, J., Kim, H. (2016). Open Sesame! Hacking the Password. In: Kim, Hw., Choi, D. (eds) Information Security Applications. WISA 2015. Lecture Notes in Computer Science(), vol 9503. Springer, Cham. https://doi.org/10.1007/978-3-319-31875-2_18
Download citation
DOI: https://doi.org/10.1007/978-3-319-31875-2_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31874-5
Online ISBN: 978-3-319-31875-2
eBook Packages: Computer ScienceComputer Science (R0)