WebLogger: Stealing your personal PINs via mobile web application

Rui Song, Yubo Song, Qihong Dong, Aiqun Hu, Shang Gao

Research output: Chapter in book / Conference proceeding; Conference article published in proceeding or book; Academic research; peer-review

39 Citations (Scopus)

Abstract

In recent years, various sensors have been integrated into smartphones to sense the slight motions of the human body. However, security researchers found that these sensors can be used not only for motion detection, but also as a side channel to reveal users' private data by inferring keystrokes. What is worse, as defined in W3C specifications, mobile web applications can get these sensor readings silently without permission from users. Therefore, when cross-site scripting vulnerabilities are found in a mobile web application, attackers can in theory get users' private data remotely via these sensors. However, these attacks are difficult to achieve because mobile web applications can only get sensor readings at a low sampling rate in practical use. In this paper, we proposed a novel ensemble learning algorithm based on weighted voting to improve keystroke inference accuracy at low sensor sampling rates. Based on this novel learning algorithm, a prototype system named WebLogger is developed to demonstrate the possibility of silently inferring the PIN numbers or passwords entered by mobile phone users from a mobile web application. The results of experiments show that the prediction accuracy of our learning model can be improved to 70%, which is better than the 50% of single machine learning algorithms.

Original language: English
Title of host publication: 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1-6
Number of pages: 6
ISBN (Electronic): 9781538620625
Publication status: Published - 7 Dec 2017
Event: 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Nanjing, China
Duration: 11 Oct 2017 to 13 Oct 2017

Publication series

Name: 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings
Volume: 2017-January

Conference

Conference: 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017
Country/Territory: China
City: Nanjing
Period: 11/10/17 to 13/10/17

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Signal Processing
