Threat Category: Authentication: User to Device
ID: AUT-5
Threat Description: Mobile applications, if granted permissions to do so, can collect data from various device sensors such as an accelerometer, gyroscope, microphone, or camera to calculate what areas of the mobile device screen are being tapped by the user. This data can be analyzed to infer with high probability (70%) the keystrokes made by the user, such as a PIN or password entry. The success of this attack improves as additional data is collected from activity by a given user. Note this attack does not require an application to acheive privilege escalation; however, an application that can successfully exploit privilege escalation vulnerabilities may have increased potential to realize this threat by accessing otherwise restricted sensors.
Threat Origin
Your Smartphone Isn’t As Safe As You’d Think 1
Exploit Examples
Touchscreen keylogger created using accelerometer movement during typing 2
Tapprints: your finger taps have fingerprints 3
ToughLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion 4
CVE Examples
Not Applicable
Possible Countermeasures
To detect Android apps that may realize this threat, use the Verify Apps feature to detect 3rd party apps that appear to abuse access to device sensors.
To reduce the opportunity for this threat, do not authorize (or revoke if granted) access to device sensors by untrusted applications when those applications are not actively in use (e.g., running in the background).
To reduce the opportunity for this threat, use access controls native to the mobile OS to revoke access to device peripherals or services for an app when related application functions are no longer in use.
To prevent this threat, before authenticating to sensitive applications, forcibly close all untrusted applications that have access to device sensors such as an accelerometer or gyroscope.
To prevent this threat, before authenticating to sensitive applications, use OS configuration settings to revoke global access for all apps to device sensors such as an accelerometer or gyroscope.
EnterpriseTo reduce the opporunity for this threat, deploy containerization or MAM solutions in combination with devices that successfully enforce policies that restrict access to device sensors by untrusted apps.
To detect apps that may realize this threat, use app-vetting services to determine if any apps present in your mobile device deployment appear to use sensor data in an untrusted manner.
Mobile OS DeveloperTo increase the difficulty of visual or sensor-based inference attacks on entries by the on-screen keyboard, a randomized keyboard layout for PIN or password entry could be implemented as a feature of the mobile OS.
References
S. Hill, “Your Smartphone Isn’t As Safe As You’d Think, Techradar, 29 Nov. 2013; www.techradar.com/us/news/phone-and-communications/mobile-phones/your-smartphone-pin-isn-t-as-safe-as-you-d-think-1203510 [accessed 8/25/2016] ↩
M. Humphries, “Touchscreen keylogger created using accelerometer movement during typing”, PCMag, 9 Dec. 2011; http://www.geek.com/mobile/touchscreen-keylogger-created-using-accelerometer-movement-during-typing-1420485/ [accessed 11/07/2016] ↩
E. Miluzzo et al., “Tapprints: your finger taps have fingerprints”, in Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, 2012, pp. 323-336; https://forge.info.unicaen.fr/attachments/download/559/tapprints-final.pdf ↩
C. Liang and H. Chen, “TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion”, presented at 6th USENIX Workshop on Hot Topics in Security, 9 Aug. 2011; https://pdfs.semanticscholar.org/8c8c/f6ff0a88a5ae99360cada9afaf5439b61a8d.pdf [accessed 11/07/2016] ↩