Slogger: Smashing Motion-based Touchstroke Logging with Transparent System Noise

Prakash Shrestha, Manar Mohamed, Nitesh Saxena

Recent research shows that it is possible to infer a user’s touchscreen inputs (e.g., passwords) on Android devices based on inertial (motion/position) sensors, currently freely-accessible by any Android app. Given the high accuracies of such touchstroke logging attacks, they are now considered a significant threat to user privacy. Consequently, the security community has started exploring defenses to such side channel attacks, but the suggested solutions are either not effective (e.g., those based on vibrational noise) and/or may significantly undermine system usability (e.g., those based on keyboard layout randomization).

In this paper, we introduce a novel and practical defense to motion-based touchstroke leakage based on system-generated, fully automated and user-oblivious sensory noise. Our defense leverages a recently developed framework, SMASheD, that takes advantage of the Android’s ADB functionality and can programmatically inject noise to various inertial sensors. Although SMASheD was originally advertised as a malicious app by its authors, we use it to build a defense mechanism, called Slogger (“Smashing the logger”), for defeating sensor-based touchstroke logging attacks. Slogger transparently inserts noisy sensor readings in the background as the user provides sensitive touchscreen input (e.g., password, PIN or credit card info) in order to obfuscate the original sensor readings. It can be installed in the user space without the need to root the device and to change the device’s OS or kernel.

Our contributions are three-fold. First, we introduce Slogger, identifying a novel, benign use case of SMASheD that can defeat touchstroke logging attacks. Second, we design and implement the Slogger app system that can be used to protect sensitive touchscreen input from leaking away. Third, we comprehensively evaluate Slogger against state-of-the-art touchstroke detection and inference attacks. Our results show that Slogger can significantly reduce the level of touchstroke leakage to the extent these attacks may become unworkable in practice, without affecting other benign apps. We also show that the leakage can be minimized even when attacks utilize a fusion of multiple motion-position sensors.

Review:
This paper attempts to combat attacks on hardware sensors on mobile devices (e.g., accelerometers) via the injection of noise. Specifically, the Slogger system injects noise via the Android Debug Bridge (ADB), and then assess its ability to thwart attacks from malware implementing touch stroke detection (TapLogger) and touch stroke inference (ACCessory) techniques. The reviewers like this paper because it is one of the few to deal with defenses against this class of attack, which is receiving significant attention in the literature. Reviewers also appreciated the thoroughness of the evaluation. The two main concerns shared by the researchers were that the addition of noise had been previously proposed in other works, especially Marquardt et al. (but not implemented) and that it was unclear how difficult it would be for an adversary to remove such noise. Overall, the paper was reviewed positively.