Swarthmore College Department of Computer Science

Talk by Adam J. Aviv, University of Pennsylvania's Department of Computer and Information Science

Novel Side Channels Enabled by Smartphones
Fri, February 3, 2012
SCI 240, 4:30 pm (refreshments at 4:15)


Abstract

As a computing platform, smartphones differ greatly from traditional computers. We carry our smartphones everywhere; they are nearly always on; and almost everyone has one. Smartphones are also capable of varied communications -- e.g., cellular, wifi, bluetooth, near field communication, etc. -- and they contain a dense array of sensors to measure their surroundings. Finally, we interact with smartphones in a tactile, hand-held by holding the device in our hands and touching and gesture on the screen. My research focuses on the security and privacy implications of smartphones with respect to this new interaction layer, and in this talk, I will present my recent work on novel side channels that leak information about private input on smartphones, particularly information about the Android password pattern.

This talk will focus on the feasibility of two side channel attacks. The first is Smudge Attacks, where I investigated the oily residues remaining on the touchscreen after entering a password pattern. We found that in a surprisingly number of lighting and usage scenarios, a large amount of information can be learned from these smudges. I will also present ongoing research into Accelerometer Attacks. The act of physically holding (and slightly shifting) the device while entering a password pattern can be recorded using the on-board accelerometer sensor, and preliminary results suggest that this information can be used to classify different types of gestures, including which password pattern a user entered.