WristSpy: Snooping Passcodes in Mobile Payment Using Wrist-worn Wearables

dc.contributor.authorWang, Chen
dc.contributor.authorLiu, Jian
dc.contributor.authorGuo, Xiaonan
dc.contributor.authorWang, Yan
dc.contributor.authorChen, Yingying
dc.contributor.departmentComputer Information and Graphics Technology, School of Engineering and Technologyen_US
dc.date.accessioned2020-06-19T19:25:36Z
dc.date.available2020-06-19T19:25:36Z
dc.date.issued2019-04
dc.description.abstractMobile payment has drawn considerable attention due to its convenience of paying via personal mobile devices at anytime and anywhere, and passcodes (i.e., PINs or patterns) are the first choice of most consumers to authorize the payment. This paper demonstrates a serious security breach and aims to raise the awareness of the public that the passcodes for authorizing transactions in mobile payments can be leaked by exploiting the embedded sensors in wearable devices (e.g., smartwatches). We present a passcode inference system, WristSpy, which examines to what extent the user's PIN/pattern during the mobile payment could be revealed from a single wrist-worn wearable device under different passcode input scenarios involving either two hands or a single hand. In particular, WristSpy has the capability to accurately reconstruct fine-grained hand movement trajectories and infer PINs/patterns when mobile and wearable devices are on two hands through building a Euclidean distance-based model and developing a training-free parallel PIN/pattern inference algorithm. When both devices are on the same single hand, a highly challenging case, WristSpy extracts multi-dimensional features by capturing the dynamics of minute hand vibrations and performs machine-learning based classification to identify PIN entries. Extensive experiments with 15 volunteers and 1600 passcode inputs demonstrate that an adversary is able to recover a user's PIN/pattern with up to 92% success rate within 5 tries under various input scenarios.en_US
dc.eprint.versionAuthor's manuscripten_US
dc.identifier.citationWang, C., Liu, J., Guo, X., Wang, Y., & Chen, Y. (2019). WristSpy: Snooping Passcodes in Mobile Payment Using Wrist-worn Wearables. IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, 2071–2079. https://doi.org/10.1109/INFOCOM.2019.8737633en_US
dc.identifier.urihttps://hdl.handle.net/1805/23011
dc.language.isoenen_US
dc.publisherIEEEen_US
dc.relation.isversionof10.1109/INFOCOM.2019.8737633en_US
dc.relation.journalIEEE INFOCOM 2019 - IEEE Conference on Computer Communicationsen_US
dc.rightsPublisher Policyen_US
dc.sourceAuthoren_US
dc.subjectonline bankingen_US
dc.subjectmobile paymenten_US
dc.subjectWristSpyen_US
dc.titleWristSpy: Snooping Passcodes in Mobile Payment Using Wrist-worn Wearablesen_US
dc.typeConference proceedingsen_US
Files
Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Wang_2019_WristSpy.pdf
Size:
3.11 MB
Format:
Adobe Portable Document Format
Description:
License bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
1.99 KB
Format:
Item-specific license agreed upon to submission
Description: