The eye as a new side channel threat on smartphones

Ahmed Al-Haiqi, Mahamod Ismail, Rosdiadee Nordin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Eye tracking is not a new idea in human-computer interaction research. Since at least as early as 1990s, researchers have tried to utilize eye movement to drive or monitor user interaction with computers. The new idea is using eye movement tracking to breach the privacy of mobile users. In this paper, we study the feasibility of exploiting consumer-grade cameras built onto current smartphones to log eye gazes, and then estimating the keypad numbers being tapped by the user. Assuming Trojan applications with camera use permissions, this process could be implemented without the user contest or knowledge, imposing a potential new threat to the security and privacy of mobile users. Our approach does not involve machine learning methods. In these first preliminary proof-of-concept experiments, we mainly rely on a human attacker to manually analyze the collected images from the smartphone. Utilizing basic dimensionality and motion flow calculations, our results show a promising attack vector with more than 60% of taps inference accuracy.

Original languageEnglish
Title of host publicationProceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013
EditorsRosdiadee Nordin, Montadar Abas Taher, Mahamod Ismail
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages475-479
Number of pages5
ISBN (Electronic)9781479926565
DOIs
Publication statusPublished - 06 Jan 2013
Event2013 11th IEEE Student Conference on Research and Development, SCOReD 2013 - Putrajaya, Malaysia
Duration: 16 Dec 201317 Dec 2013

Publication series

NameProceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013

Other

Other2013 11th IEEE Student Conference on Research and Development, SCOReD 2013
CountryMalaysia
CityPutrajaya
Period16/12/1317/12/13

Fingerprint

Eye movements
Smartphones
Cameras
Computer keyboards
Human computer interaction
Learning systems
Experiments

All Science Journal Classification (ASJC) codes

  • Control and Systems Engineering
  • Biomedical Engineering
  • Electrical and Electronic Engineering

Cite this

Al-Haiqi, A., Ismail, M., & Nordin, R. (2013). The eye as a new side channel threat on smartphones. In R. Nordin, M. A. Taher, & M. Ismail (Eds.), Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013 (pp. 475-479). [7002635] (Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SCOReD.2013.7002635
Al-Haiqi, Ahmed ; Ismail, Mahamod ; Nordin, Rosdiadee. / The eye as a new side channel threat on smartphones. Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013. editor / Rosdiadee Nordin ; Montadar Abas Taher ; Mahamod Ismail. Institute of Electrical and Electronics Engineers Inc., 2013. pp. 475-479 (Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013).
@inproceedings{9c8f52bc9b954b449a94be898ae95dad,
title = "The eye as a new side channel threat on smartphones",
abstract = "Eye tracking is not a new idea in human-computer interaction research. Since at least as early as 1990s, researchers have tried to utilize eye movement to drive or monitor user interaction with computers. The new idea is using eye movement tracking to breach the privacy of mobile users. In this paper, we study the feasibility of exploiting consumer-grade cameras built onto current smartphones to log eye gazes, and then estimating the keypad numbers being tapped by the user. Assuming Trojan applications with camera use permissions, this process could be implemented without the user contest or knowledge, imposing a potential new threat to the security and privacy of mobile users. Our approach does not involve machine learning methods. In these first preliminary proof-of-concept experiments, we mainly rely on a human attacker to manually analyze the collected images from the smartphone. Utilizing basic dimensionality and motion flow calculations, our results show a promising attack vector with more than 60{\%} of taps inference accuracy.",
author = "Ahmed Al-Haiqi and Mahamod Ismail and Rosdiadee Nordin",
year = "2013",
month = "1",
day = "6",
doi = "10.1109/SCOReD.2013.7002635",
language = "English",
series = "Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "475--479",
editor = "Rosdiadee Nordin and Taher, {Montadar Abas} and Mahamod Ismail",
booktitle = "Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013",
address = "United States",

}

Al-Haiqi, A, Ismail, M & Nordin, R 2013, The eye as a new side channel threat on smartphones. in R Nordin, MA Taher & M Ismail (eds), Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013., 7002635, Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013, Institute of Electrical and Electronics Engineers Inc., pp. 475-479, 2013 11th IEEE Student Conference on Research and Development, SCOReD 2013, Putrajaya, Malaysia, 16/12/13. https://doi.org/10.1109/SCOReD.2013.7002635

The eye as a new side channel threat on smartphones. / Al-Haiqi, Ahmed; Ismail, Mahamod; Nordin, Rosdiadee.

Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013. ed. / Rosdiadee Nordin; Montadar Abas Taher; Mahamod Ismail. Institute of Electrical and Electronics Engineers Inc., 2013. p. 475-479 7002635 (Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - The eye as a new side channel threat on smartphones

AU - Al-Haiqi, Ahmed

AU - Ismail, Mahamod

AU - Nordin, Rosdiadee

PY - 2013/1/6

Y1 - 2013/1/6

N2 - Eye tracking is not a new idea in human-computer interaction research. Since at least as early as 1990s, researchers have tried to utilize eye movement to drive or monitor user interaction with computers. The new idea is using eye movement tracking to breach the privacy of mobile users. In this paper, we study the feasibility of exploiting consumer-grade cameras built onto current smartphones to log eye gazes, and then estimating the keypad numbers being tapped by the user. Assuming Trojan applications with camera use permissions, this process could be implemented without the user contest or knowledge, imposing a potential new threat to the security and privacy of mobile users. Our approach does not involve machine learning methods. In these first preliminary proof-of-concept experiments, we mainly rely on a human attacker to manually analyze the collected images from the smartphone. Utilizing basic dimensionality and motion flow calculations, our results show a promising attack vector with more than 60% of taps inference accuracy.

AB - Eye tracking is not a new idea in human-computer interaction research. Since at least as early as 1990s, researchers have tried to utilize eye movement to drive or monitor user interaction with computers. The new idea is using eye movement tracking to breach the privacy of mobile users. In this paper, we study the feasibility of exploiting consumer-grade cameras built onto current smartphones to log eye gazes, and then estimating the keypad numbers being tapped by the user. Assuming Trojan applications with camera use permissions, this process could be implemented without the user contest or knowledge, imposing a potential new threat to the security and privacy of mobile users. Our approach does not involve machine learning methods. In these first preliminary proof-of-concept experiments, we mainly rely on a human attacker to manually analyze the collected images from the smartphone. Utilizing basic dimensionality and motion flow calculations, our results show a promising attack vector with more than 60% of taps inference accuracy.

UR - http://www.scopus.com/inward/record.url?scp=84921724193&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84921724193&partnerID=8YFLogxK

U2 - 10.1109/SCOReD.2013.7002635

DO - 10.1109/SCOReD.2013.7002635

M3 - Conference contribution

AN - SCOPUS:84921724193

T3 - Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013

SP - 475

EP - 479

BT - Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013

A2 - Nordin, Rosdiadee

A2 - Taher, Montadar Abas

A2 - Ismail, Mahamod

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Al-Haiqi A, Ismail M, Nordin R. The eye as a new side channel threat on smartphones. In Nordin R, Taher MA, Ismail M, editors, Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013. Institute of Electrical and Electronics Engineers Inc. 2013. p. 475-479. 7002635. (Proceeding - 2013 IEEE Student Conference on Research and Development, SCOReD 2013). https://doi.org/10.1109/SCOReD.2013.7002635