RefleXnoop: Passwords Snooping on NLoS Laptops Leveraging Screen-Induced Sound Reflection
Pages 3361 - 3375
Abstract
Password inference attacks by covert wireless side-channels jeopardize information safety, even for people with high security awareness and vigilance against snoopers. Yet, with limited spatial resolution, existing attacks cannot accurately infer password input on QWERTY keyboards at a distance, creating a sense of psychological safety when using laptops in public. To refute this false belief, we propose RefleXnoop, enabling an attacker to snoop a victim's typing details on a non-line-of-sight (NLoS) laptop. Apart from passively overhearing keystroke acoustic emanations, RefleXnoop actively probes with ultrasound, whose larger bandwidth and lower noise floor offer a finer resolution. To further maximize its performance, RefleXnoop exploits the laptop's screen reflection to enhance diversity in sound acquisition, and it innovates in neural models to effectively fuse the diversified sound acquisitions and to achieve robust feature-to-key translation. We implement RefleXnoop with commodity hardware and conduct extensive evaluation on it; the results demonstrate that RefleXnoop achieves 85% top-100 accuracy for inferring 8-character passwords on a laptop QWERTY keyboard and in multiple noisy environments.
Information
Published In
December 2024
5188 pages
ISBN:9798400706363
DOI:10.1145/3658644
- General Chairs:
- Bo Luo,
- Xiaojing Liao,
- Jun Xu,
- Program Chairs:
- Engin Kirda,
- David Lie
Copyright © 2024 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 09 December 2024
Qualifiers
- Research-article
Funding Sources
- National Research Foundation (NRF) Future Communications Research & Development Programme (FCP)
- AcRF Tier 1
Conference
CCS '24
CCS '24: ACM SIGSAC Conference on Computer and Communications Security
October 14 - 18, 2024
UT, Salt Lake City, USA
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Article Metrics
- Total Citations: 0
- Total Downloads: 156
- Downloads (Last 12 months): 156
- Downloads (Last 6 weeks): 156
Reflects downloads up to 17 Jan 2025