A new side channel attack

November 8th, 2013 at 12:19 UTC by Ross Anderson

Today we’re presenting a new side-channel attack in PIN Skimmer: Inferring PINs Through The Camera and Microphone at SPSM 2013. We found that software on your smartphone can work out what PIN you’re entering by watching your face through the camera and listening for the clicks as you type. Previous researchers had shown how to work out PINs using the gyro and accelerometer; we found that the camera works about as well. We watch how your face appears to move as you jiggle your phone by typing.

There are implications for the design of electronic wallets using mechanisms such as Trustzone which enable some apps to run in a more secure sandbox. Such systems try to prevent sensitive data such as bank credentials being stolen by malware. Our work shows it’s not enough for your electronic wallet software to grab hold of the screen, the accelerometers and the gyro; you’d better lock down the video camera, and the still camera too while you’re at it. (Our attack can use the still camera in burst mode.)

We suggest ways in which mobile phone operating systems might mitigate the risks. Meanwhile, if you’re developing payment apps, you’d better be aware that these risks exist.

Entry filed under: Academic papers, Banking security, Hardware & signals, Operating systems, Privacy technology, Security engineering, Usability

5 comments Add your own

  • 1. James White  |  November 8th, 2013 at 13:50 UTC

    So start randomizing the placement of the numbers on the keypad.

  • 2. JD  |  November 10th, 2013 at 01:36 UTC

    How, if the sound of clicking is suppressed by the wallett app to remove the cues as to inputting, would this diminish the effectiveness of the attack?

  • 3. Carl  |  November 14th, 2013 at 00:25 UTC

    @JD: I’m guessing not much: Even without the auditory cue, you could still tell when the user touches a “key” by a sudden jerking of the visual image.

    I’m also guessing that this attack might be just as effective using the rear camera as the front. Unless the phone is resting on a solid surface, my guess is that the back of the phone would see a convenient image of a relatively static environment more conducive to edge-detection than a human face.

  • 4. Barney  |  November 19th, 2013 at 20:54 UTC

    The idea of randomizing the position of the buttons is addressed in the paper. It hurts usability.

  • 5. Anonymous  |  November 25th, 2013 at 21:36 UTC

    Security hurts usability. Period. It would be even more convenient to log in without a pin at all.

Leave a Comment


Required, hidden

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Subscribe to the comments via RSS Feed


November 2013
« Oct   Dec »