A practical approach for optical skimming and automatic identification of the pressed contents on touchscreen devices (Conference Presentation)
Le DK, Krummel V, Blum M, Lueke BJ (2018)
In: Counterterrorism, Crime Fighting, Forensics, and Surveillance Technologies II. Bouma H, Stokes RJ, Yitzhaky Y, Prabhu R (Eds); Proceedings of SPIE, 10802. SPIE: 25.
Conference paper
| Published | English
Download
No files have been uploaded. Publication record only!
Author
Le, Dinh Khoi;
Krummel, Volker;
Blum, Moritz;
Lueke, Benedikt J.
Editor
Bouma, Henri;
Stokes, Robert J.;
Yitzhaky, Yitzhak;
Prabhu, Radhakrishna
Institution
Abstract / Note
Entering confidential information is the classical application for optical skimming. For example, entering a PIN or password to authenticate banking transactions is one of the most sensitive moments of a transaction. Up to now it was unclear how efficiently optical skimming attacks can be mounted even on mobile devices. In this paper we show that filming the entering of a password with the camera of a standard mobile phone is enough for a fully automated recovery of the sensitive information. Our analysis method of the recorded video stream leads to a success rate of more than 90%. In our model a user enters his password into an Android- or iOS-driven touchscreen device while being filmed by the attacker’s smartphone. The goal of the attacker is to derive the password from the movie instantly, e.g. to use it in a real-time man-in-the-middle attack. At first sight such an attack seems hard to mount due to many disturbing factors like movements of the device, bad light conditions etc. However, we show that many of these disturbing factors can be mitigated by smart video analytics. We implemented the whole attack in our lab simulating real conditions. Parts of the setup were a Samsung S7 for filming and an iPhone 6 as target. For real-time processing we use the computer vision library OpenCV, which supports most of the common image and video processing algorithms. Our goal is to cover most of the important cases while holding as little knowledge as possible about the video the algorithm has to work on. Starting from a movable or unstable position for camera and device, we apply a discrete Fourier transformation to obtain a constant plan view as starting point for our algorithm. To obtain the necessary information for this, the user has to select the four corners of the observed keyboard by hand. In real-life situations the device is held in the user's hand, so we decided to use the MOSSE algorithm for stabilization to deal with the problem of a jiggling device.
The keystroke detection is based on the “pop up” feature of common smartphone keyboards. This event is remarkable enough to get detected and located by simple gray value subtraction of subsequent frames. The magnified keys are not the only primary changes we observed and analyzed. Minor changes like noise can be removed by sufficiently blurring the frame. Subtracting areas where normal skin colors are detected yields information about the position of the keystrokes. The relative position yields a probability for the pressed keys by analyzing the activity of the regions where the “pop ups” usually are. Our work showed that optical skimming of passwords is practical even on mobile devices. We show that it is possible to make a simple attack with basic computer vision techniques. Up-to-date mobile devices have enough computing power for this kind of attack. We give recommendations for entering passwords securely.
Year of publication
2018
Title of the conference proceedings
Counterterrorism, Crime Fighting, Forensics, and Surveillance Technologies II
Series or journal title
Proceedings of SPIE
Volume
10802
Page(s)
25
Conference
Counterterrorism, Crime Fighting, Forensics, and Surveillance Technologies
Conference location
Berlin, Germany
Conference date
2018-09-10 – 2018-09-13
ISBN
9781510621879
eISBN
9781510621886
Page URI
https://pub.uni-bielefeld.de/record/2966402
Cite
Le DK, Krummel V, Blum M, Lueke BJ. A practical approach for optical skimming and automatic identification of the pressed contents on touchscreen devices (Conference Presentation). In: Bouma H, Stokes RJ, Yitzhaky Y, Prabhu R, eds. Counterterrorism, Crime Fighting, Forensics, and Surveillance Technologies II. Proceedings of SPIE. Vol 10802. SPIE; 2018: 25.
Le, D. K., Krummel, V., Blum, M., & Lueke, B. J. (2018). A practical approach for optical skimming and automatic identification of the pressed contents on touchscreen devices (Conference Presentation). In H. Bouma, R. J. Stokes, Y. Yitzhaky, & R. Prabhu (Eds.), Proceedings of SPIE: Vol. 10802. Counterterrorism, Crime Fighting, Forensics, and Surveillance Technologies II (p. 25). SPIE. https://doi.org/10.1117/12.2325347
Link(s) to full text(s)
Access Level
Closed Access