Hearing your touch: a new acoustic side channel on smartphones
Hearing your touch: a new acoustic side channel on smartphones
We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of their touch-screen smartphone or tablet. When a user taps the screen with a finger, the tap generates a sound wave that propagates on the screen surface and in the air. We found the device's microphone(s) can recover this wave and "hear" the finger's touch, and the wave's distortions are characteristic of the tap's location on the screen. Hence, by recording audio through the built-in microphone(s), a malicious app can infer text as the user enters it on their device. We evaluate the effectiveness of the attack with 45 participants in a real-world environment on an Android tablet and an Android smartphone. For the tablet, we recover 61% of 200 4-digit PIN-codes within 20 attempts, even if the model is not trained with the victim's data. For the smartphone, we recover 9 words of size 7--13 letters with 50 attempts in a common side-channel attack benchmark. Our results suggest that it not always sufficient to rely on isolation mechanisms such as TrustZone to protect user input. We propose and discuss hardware, operating-system and application-level mechanisms to block this attack more effectively. Mobile devices may need a richer capability model, a more user-friendly notification system for sensor usage and a more thorough evaluation of the information leaked by the underlying hardware.
cs.CR, cs.AI
Shumailov, Ilia
0bdc7210-e73f-4dce-84f6-1e70ddb6bb54
Simon, Laurent
5766ba25-ca8f-4271-bcaf-c70b788eecac
Yan, Jeff
a2c03187-3722-46c8-b73b-439eb9d1a10e
Anderson, Ross
cb06c281-f6bf-4f64-a3a2-62936d406509
26 March 2019
Shumailov, Ilia
0bdc7210-e73f-4dce-84f6-1e70ddb6bb54
Simon, Laurent
5766ba25-ca8f-4271-bcaf-c70b788eecac
Yan, Jeff
a2c03187-3722-46c8-b73b-439eb9d1a10e
Anderson, Ross
cb06c281-f6bf-4f64-a3a2-62936d406509
[Unknown type: UNSPECIFIED]
Abstract
We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of their touch-screen smartphone or tablet. When a user taps the screen with a finger, the tap generates a sound wave that propagates on the screen surface and in the air. We found the device's microphone(s) can recover this wave and "hear" the finger's touch, and the wave's distortions are characteristic of the tap's location on the screen. Hence, by recording audio through the built-in microphone(s), a malicious app can infer text as the user enters it on their device. We evaluate the effectiveness of the attack with 45 participants in a real-world environment on an Android tablet and an Android smartphone. For the tablet, we recover 61% of 200 4-digit PIN-codes within 20 attempts, even if the model is not trained with the victim's data. For the smartphone, we recover 9 words of size 7--13 letters with 50 attempts in a common side-channel attack benchmark. Our results suggest that it not always sufficient to rely on isolation mechanisms such as TrustZone to protect user input. We propose and discuss hardware, operating-system and application-level mechanisms to block this attack more effectively. Mobile devices may need a richer capability model, a more user-friendly notification system for sensor usage and a more thorough evaluation of the information leaked by the underlying hardware.
More information
Published date: 26 March 2019
Additional Information:
Paper built on the MPhil thesis of Ilia Shumailov. 2017
Keywords:
cs.CR, cs.AI
Identifiers
Local EPrints ID: 500795
URI: http://eprints.soton.ac.uk/id/eprint/500795
PURE UUID: b20c0354-25c8-416b-aef7-2ca9a179f67f
Catalogue record
Date deposited: 13 May 2025 16:51
Last modified: 21 Aug 2025 04:42
Export record
Contributors
Author:
Ilia Shumailov
Author:
Laurent Simon
Author:
Jeff Yan
Author:
Ross Anderson
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics