Survey Article

A Systematic Deconstruction of Human-Centric Privacy & Security Threats on Mobile Phones

Received 11 Jan 2024, Accepted 24 May 2024, Published online: 12 Jun 2024
