iSnoop: Automatic Eavesdropping from Touchscreen Keyboards

Spying on a person is an easy and effective method to obtain sensitive information, even when the victim is well protected against common digital attacks. Modern mobile devices allow people to perform information-sensitive actions in unsafe places, where anyone could easily observe the victim while typing.

What if your mobile phone has a cool touchscreen interface that gives you graphical feedback as you type (iPhone, Android, BlackBerry Torch)? Does it make shoulder surfing easier or, worse, automatable? We believe so, and to demonstrate it, we developed a practical shoulder surfing attack that automatically reconstructs the sequence of keystrokes by aiming a camera at the target touchscreen while the victim is typing.


References

(2011). POSTER: Fast, Automatic iPhone Shoulder Surfing. Proceedings of the 18th Conference on Computer and Communication Security (CCS).


(2011). A Fast Eavesdropping Attack Against Touchscreens. Proceedings of the 7th International Conference on Information Assurance and Security (IAS).


(2010). Don't touch a word! A practical input eavesdropping attack against mobile touchscreen devices.
