PatternListener

Zhou, Man; Wang, Qian; Yang, Jingxiao; Li, Qi; Xiao, Feng; Wang, Zhibo; Chen, Xiaofeng

doi:10.1145/3243734.3243777

Cited by 61 publications

(13 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The recorded audio undergoes processing, removing static noise, and is then used for calculations to measure relative movement and infer pattern lines. The inferred pattern lines are used to generate candidate patterns, which are ranked and provided to the attacker [11] [59].…”

Section: Rq1: What Are the Existing Security Attacks On Graphical Pas...mentioning

confidence: 99%

See 1 more Smart Citation

A Systematic Literature Review on the Security Attacks and Countermeasures Used in Graphical Passwords

Por,

Ng,

Chen

et al. 2024

IEEE Access

View full text Add to dashboard Cite

As technology continues to evolve, the need for robust and user-friendly authentication methods becomes increasingly vital to safeguarding sensitive information. Graphical passwords, a contemporary approach to authentication, utilize images, patterns, or graphical elements as a means of access control. This systematic literature review delves into the dynamic realm of graphical passwords, focusing on the myriad security attacks they face, and the diverse countermeasures devised to mitigate these threats. The graphical password scheme is one of the most popular schemes used, yet it is vulnerable to numerous security attacks, such as shoulder surfing attacks, smudge attacks, spyware, and more. In order to mitigate these security threats, numerous methods have been proposed, but there is no ultimate solution for the security attacks; each of the proposed methods has its own advantages and limitations. The core objective of this paper is to identify existing security threats to graphical password schemes and the corresponding countermeasures developed to mitigate these attacks. The study process begins by identifying the usable databases and search engines to identify all the relevant resources. These include Academic Search Elite @EBSCOhost,

show abstract

Section: Rq1: What Are the Existing Security Attacks On Graphical Pas...mentioning

confidence: 99%

“…• Restricting Microphone Usage: One approach to mitigating sonar attacks is to restrict microphone usage in the background during pattern drawing [59]. By limiting access to the microphone, acoustic signals cannot be captured, preventing attackers from determining fingertip motions on the screen.…”

Section: ) Sonar Attackmentioning

confidence: 99%

A Systematic Literature Review on the Security Attacks and Countermeasures Used in Graphical Passwords

Por,

Ng,

Chen

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Similarly, KeyListener [39] performs KI on touchscreen based on different attenuation of the signals (generated by phone speaker) at the two microphones. PatternListener [73] compromises pattern locks by using acoustic signals reflected from fingertips to measure their relative movement and infer the pattern lines. These methods can be deemed as acoustic version of OKI.…”

Section: Related Workmentioning

confidence: 99%

“…Mobile devices (e.g., smartphones and tablets), along with their software applications, have been increasingly adopted to identify human users in modern societies [5,17]. Consequently, stealing passwords from these devices becomes almost like identify theft, hence attracting diversified eavesdropping attacks, either direct [42,70] or indirect [2,36,37,43,53,69,73]. Bearing no need to have a visual on the target screen, the indirect attacks often incur a much higher risk as they leverage side-channels to infer passwords in a stealthy manner.…”

Section: Introductionmentioning

confidence: 99%

“…Bearing no need to have a visual on the target screen, the indirect attacks often incur a much higher risk as they leverage side-channels to infer passwords in a stealthy manner. Typical side-channels considered by prior works include acoustic [36,73], electromagnetic emission [31], indirect vision [11,53,57,69], and motion sensors [9,37,43]. Though they have demonstrated successes for particular scenarios, these successes often rely on strong assumptions [34], including i) eavesdropping devices are in proximity to the victim device (e.g., in centimeter scale or within line-of-sight region) [11,31,36,37,43,53], ii) rogue software have been implanted to the victim device [9,37,73], and iii) the content to eavesdrop has linguistic structure [2,37,43,69].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Password-Stealing without Hacking: Wi-Fi Enabled Practical Keystroke Eavesdropping

Hu,

Wang,

Zheng

et al. 2023

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

The contact-free sensing nature of Wi-Fi has been leveraged to achieve privacy breaches, yet existing attacks relying on Wi-Fi CSI (channel state information) demand hacking Wi-Fi hardware to obtain desired CSIs. Since such hacking has proven prohibitively hard due to compact hardware, its feasibility in keeping up with fast-developing Wi-Fi technology becomes very questionable. To this end, we propose WiKI-Eve to eavesdrop keystrokes on smartphones without the need for hacking. WiKI-Eve exploits a new feature, BFI (beamforming feedback information), offered by latest Wi-Fi hardware: since BFI is transmitted from a smartphone to an AP in clear-text, it can be overheard (hence eavesdropped) by any other Wi-Fi devices switching to monitor mode. As existing keystroke inference methods offer very limited generalizability, WiKI-Eve further innovates in an adversarial learning scheme to enable its inference generalizable towards unseen scenarios. We implement WiKI-Eve and conduct extensive evaluation on it; the results demonstrate that WiKI-Eve achieves 88.9% inference accuracy for individual keystrokes and up to 65.8% top-10 accuracy for stealing passwords of mobile applications (e.g., WeChat).

show abstract

HIAWare: Speculate Handwriting on Mobile Devices with Built-In Sensors

Chen

Jiang

et al. 2021

Information and Communications Security

View full text Add to dashboard Cite

PatternListener

Cited by 61 publications

References 33 publications

A Systematic Literature Review on the Security Attacks and Countermeasures Used in Graphical Passwords

A Systematic Literature Review on the Security Attacks and Countermeasures Used in Graphical Passwords

Password-Stealing without Hacking: Wi-Fi Enabled Practical Keystroke Eavesdropping

HIAWare: Speculate Handwriting on Mobile Devices with Built-In Sensors

Contact Info

Product

Resources

About