MoLe: Motion Leaks through Smartwatch Sensors

Post on 13-Jul-2020


Presented by Michael Mahler

Introduction - Background

● Modern smartwatches have a full suite of motion-sensing chips

● Great for counting steps, monitoring sleep, etc.

● Opens up a potential side-channel attack

● NOT the goal of MoLe: prove that leaks are possible

● Goal of MoLe: determine to what extent the leaks are possible

Introduction - Related Work

● Using the accelerometer and gyroscope, is it possible to infer keystrokes?

● Related work suggests it’s doable

● (sp)iPhone

● TouchLogger

Introduction - Why It’s Hard

● Data from right hand is absent

● Not everyone uses the same fingers for the same keys

● People type at different speeds (faster and fainter is obviously harder)

● Motion data is dependent on the last key pressed - so incorrectly classifying one key could throw off all subsequent keypresses

Data Exploration


System Overview

System Design - Keystroke Detector

System Design - Cloud Fitting

Evaluation

● How well can MoLe guess each word?

● What affects its effectiveness?

● Should humans be used in this system?

● Threat prevention

Evaluation - Overall Effectiveness

● 30% chance that MoLe would narrow down a typed word to only 5 possibilities

● 50% chance to only 24 possibilities

Fairly brute-forceable now

Evaluation - Impacts of Variables

● Word Length - longer words are generally easier to classify

● Number of Left-hand Chars in a Word

● Sampling Rate

Evaluation - Human Intervention

● Given a list of possible words in a sentence, how hard would it be for a human to guess the phrase?

● Is this really feasible?

Evaluation - Threat Prevention

● Detect typing events and throttle the accelerometer to ~30Hz

● Only let the OS handle the raw data. Apps can only see analytics about the data (i.e. “steps taken today” or “activity level in the past hour”)

● Could apply some sort of differential privacy algorithm
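
An added example (not from the MoLe paper or these slides) of the first mitigation above: an OS-side gate that hands an app a ~30Hz stream instead of the 200Hz one when a window looks like typing. The burst heuristic, the thresholds, the choice to average before decimating and both sample windows are assumptions constructed for illustration.

```python
import math

RAW_HZ = 200        # rate the slides attribute to MoLe's recordings
THROTTLED_HZ = 30   # approximate rate proposed on the mitigation slide

def throttle(samples, raw_hz=RAW_HZ, out_hz=THROTTLED_HZ):
    """Boxcar-average raw samples into out_hz bins, then keep one value per bin."""
    n_out = len(samples) * out_hz // raw_hz
    out = []
    for i in range(n_out):
        lo, hi = i * raw_hz // out_hz, (i + 1) * raw_hz // out_hz
        out.append(sum(samples[lo:hi]) / (hi - lo))
    return out

def short_bursts(samples, threshold=0.5, max_len=4):
    """Count excursions above threshold lasting at most max_len samples.
    Hypothetical typing heuristic (assumption), not MoLe's keystroke detector."""
    count, run = 0, 0
    for v in list(samples) + [0.0]:       # sentinel closes a trailing run
        if abs(v) > threshold:
            run += 1
        else:
            if 0 < run <= max_len:
                count += 1
            run = 0
    return count

def gate(window, min_bursts=2):
    """What an OS-side sensor service could hand to an app for one window."""
    if short_bursts(window) >= min_bursts:
        return THROTTLED_HZ, throttle(window)
    return RAW_HZ, list(window)

# Constructed 1-second windows (not measured data).
typing = [0.0] * RAW_HZ
for start in (40, 100, 160):              # three 10 ms tap transients
    typing[start] = typing[start + 1] = 1.0
walking = [math.sin(2 * math.pi * 2 * t / RAW_HZ) for t in range(RAW_HZ)]

if __name__ == "__main__":
    for name, w in (("typing", typing), ("walking", walking)):
        rate, out = gate(w)
        print(name, rate, "Hz, peak", round(max(abs(v) for v in out), 3))
```

In the constructed typing window each tap peak drops from 1.0 to about 0.33 after throttling, while the slow walking signal passes through at the full rate.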

Some Good Things

● Authors very up-front about the limitations of MoLe

● Authors used real people to test MoLe

● A lot of good evaluation-based questions were answered

Criticisms

● Sampling at 200Hz - Data size/throughput/storage isn’t talked about

● No other ML techniques used or considered

● Authors too hard on themselves - MoLe could easily be deployed IRL

Discussion