In a recently published study, associate professor Nitesh Saxena, Ph.D., and Ph.D. students Prakash Shrestha and Manar Mohamed have created a way to defend mobile device users against motion-based touchstroke leakage with the injection of noise.Currently, motion sensors on Android devices can be accessed by any application downloaded to the device without a user being prompted to give permission. As a result, hackers could obtain sensitive information like passwords and PINs by tracking the vibrations made from the touchscreen. Given the accuracy rate of this type of attack, mobile security experts consider it a significant threat to user privacy and are exploring methods to combat it.
However, Saxena, Shrestha and Mohamed built a defense mechanism called Slogger that can be used to thwart sensor-based touchstroke logging attacks.
“During the evaluation phase, we implemented Slogger in such a way that, whenever the user launches the application used for the attack, a noise inject request is sent to the Slogger server,” Saxena says. “When the user closes the application, a request to stop Slogger is sent. The application can also be updated to send an inject request whenever the keyboard is running or whenever a user is entering sensitive information.”
