Stealing Passwords by Observing Hands Movement

You are here

Top Reasons to Join SPS Today!

1. IEEE Signal Processing Magazine
2. Signal Processing Digital Library*
3. Inside Signal Processing Newsletter
4. SPS Resource Center
5. Career advancement & recognition
6. Discounts on conferences and publications
7. Professional networking
8. Communities for students, young professionals, and women
9. Volunteer opportunities
10. Coming soon! PDH/CEU credits
Click here to learn more.

Stealing Passwords by Observing Hands Movement

Diksha Shukla; Vir V. Phoha

The use of mobile phones in public places opens up the possibilities of remote side channel attacks on these devices. We present a video-based side channel attack to decipher passwords on mobile devices. Our method uses short video clips ranging from 5 to 10 s each, which can be taken unobtrusively from a distance and do not require the keyboard or the screen of the phone to be visible. By relating the spatiotemporal movements of the user’s hand during typing and an anchor point on any visible part of the phone, we predict the typed password with high accuracy. The results on a dataset of 375 short videos of password entry process on a Samsung Galaxy S4 phone show an exponential reduction in the search space compared to a random guess. For each key-press corresponding to a character in the passwords, our method was able to reduce the search space to an average of 2–3 keys compared to ~30 keys if one has to guess the key randomly. Thus, this paper reaffirms threats to smartphone users’ conventional login in public places and highlights the threats in scenarios such as hiding the screen that otherwise gives the impression of being safe to the users.


IEEE SPS Educational Resources

IEEE SPS Resource Center

IEEE SPS YouTube Channel