Understanding Shoulder Surfer Behavior and Attack Patterns Using Virtual Reality

Abdrabou, Yasmeen; Rivu, Radiah; Ammar, Tarek; Liebers, Jonathan; Saad, Alia; Liebers, Carina; Gruenefeld, Uwe; Knierim, Pascal; Khamis, Mohamed; Mäkelä, Ville; Schneegaß, Stefan; Alt, Florian

doi:10.1145/3531073.3531106

Cited by 9 publications

(1 citation statement)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Accordingly, data privacy issues arise when people are viewing mobile data visualizations showing sensitive personal data in public areas (e.g., on a bus or a train), as shoulder surfers nearby can also easily peek at those visualizations displayed on the mobile device screen, which is commonly known as Shoulder Surfing as shown in Figure 1. Additionally, shoulder surfers are individuals who engage in shoulder surfing [ARA * 22]. Though it is possible to be more cautious when using mobile data visualizations in public space, prior research has shown that only 7% of people are aware of Shoulder Surfing cases in the wild [EKVZ * 17].…”

Section: Introductionmentioning

confidence: 99%

Don't Peek at My Chart: Privacy‐preserving Visualization for Mobile Devices

Zhang

Wang

2023

Computer Graphics Forum

View full text Add to dashboard Cite

Data visualizations have been widely used on mobile devices like smartphones for various tasks (e.g., visualizing personal health and financial data), making it convenient for people to view such data anytime and anywhere. However, others nearby can also easily peek at the visualizations, resulting in personal data disclosure. In this paper, we propose a perception-driven approach to transform mobile data visualizations into privacy-preserving ones. Specifically, based on human visual perception, we develop a masking scheme to adjust the spatial frequency and luminance contrast of colored visualizations. The resulting visualization retains its original information in close proximity but reduces visibility when viewed from a certain distance or farther away. We conducted two user studies to inform the design of our approach (N=16) and systematically evaluate its performance (N=18), respectively. The results demonstrate the effectiveness of our approach in terms of privacy preservation for mobile data visualizations.

show abstract

Section: Introductionmentioning

confidence: 99%

Don't Peek at My Chart: Privacy‐preserving Visualization for Mobile Devices

Zhang

Wang

2023

Computer Graphics Forum

View full text Add to dashboard Cite

show abstract

“They see me scrollin”—Lessons Learned from Investigating Shoulder Surfing Behavior and Attack Mitigation Strategies

Saad

Liebers

Schneegaß

et al. 2023

Human Factors in Privacy Research

View full text Add to dashboard Cite

Mobile computing devices have become ubiquitous; however, they are prone to observation and reconstruction attacks. In particular, shoulder surfing, where an adversary observes another user’s interaction without prior consent, remains a significant unresolved problem. In the past, researchers have primarily focused their research on making authentication more robust against shoulder surfing—with less emphasis on understanding the attacker or their behavior. Nonetheless, understanding these attacks is crucial for protecting smartphone users’ privacy. This chapter aims to bring more attention to research that promotes a deeper understanding of shoulder surfing attacks. While shoulder surfing attacks are difficult to study under natural conditions, researchers have proposed different approaches to overcome this challenge. We compare and discuss these approaches and extract lessons learned. Furthermore, we discuss different mitigation strategies of shoulder surfing attacks and cover algorithmic detection of attacks and proposed threat models as well. Finally, we conclude with an outlook of potential next steps for shoulder surfing research.

show abstract