Teamproject - Attacking Smartphones: Misusing Sensor Data for Password Stealing (FSS 2015 - HWS 2015)

Attacking Smartphones: Misusing Sensor Data for Password Stealing

Recording, analyzing and (mis)using sensor data for password stealing: Everyone uses secret passwords on their smartphones. Examples for passwords with high (financial) value are Apple AppStore, Google Play, Amazon App-Shop, Browser (Bank-account, password restricted areas) and many more. Our goal is to be the "bad" guys, we want to steal the secret password - but without letting the user know. Classical approaches like hardware- or software-keyloggers don't work here, either do side-channels like measuring electro-magnetic or acoustic signals.
We utilize the build-in sensors to measure angular velocity, acceleration, magnetic forces amongst other data which can be accessed without permission. After recording the data, it will be evaluated by machine learning algorithms to map the input of a touch interface to actual keys.

Demonstration: tinyurl.com/gyrodemo

Requirements: Interest in IT security, programming skills in general, basic mathematical knowledge, good programming skills in at least one programming language

Tasks: Use mathematics, programming and cryptography mixed with most modern technology, programm apps/websites, gather and evaluate data sets, use machine learning algorithms

Project Presentation Slides: Download

Supervisors:

Meeting Slides