Don’t Interrupt Me While I Type: Inferring Text Entered Through Gesture Typing on Android Keyboards

Published version
Repository DOI

Type
Article
Change log
Authors
Simon, Laurent 
Xu, Wenduan 
Abstract

We present a new side-channel attack against soft keyboards that support gesture typing on Android smartphones. An application without any special permissions can observe the number and timing of the screen hardware interrupts and system-wide software interrupts generated during user input, and analyze this information to make inferences about the text being entered by the user. System-wide information is usually considered less sensitive than app-specific information, but we provide concrete evidence that this may be mistaken. Our attack applies to all Android versions, including Android M where the SELinux policy is tightened.

We present a novel application of a recurrent neural network as our classifier to infer text. We evaluate our attack against the “Google Keyboard” on Nexus 5 phones and use a real-world chat corpus in all our experiments. Our evaluation considers two scenarios. First, we demonstrate that we can correctly detect a set of pre-defined “sentences of interest” (with at least 6 words) with 70% recall and 60% precision. Second, we identify the authors of a set of anonymous messages posted on a messaging board. We find that even if the messages contain the same number of words, we correctly re-identify the author more than 97% of the time for a set of up to 35 sentences.

Our study demonstrates a new way in which system-wide resources can be a threat to user privacy. We investigate the effect of rate limiting as a countermeasure but find that determining a proper rate is error-prone and fails in subtle cases. We conclude that real-time interrupt information should be made inaccessible, perhaps via a tighter SELinux policy in the next Android version.

Description
Keywords
mobile, smartphone, android, side channel, interrupt, typing, gesture, gesture typing, SwiftKey, Google keyboard, keyboard, procfs, virtual file system, virtual file, artifical neural network, neural network, reccurent neural network, RNN, machine learning, ML
Journal Title
Proceedings on Privacy Enhancing Technologies
Conference Name
Journal ISSN
2299-0984
2299-0984
Volume Title
2016
Publisher
Privacy Enhancing Technologies Symposium Advisory Board
Sponsorship
This work was partially supported by the Samsung Electronics Research Institute (SERI), Thales, and the Carnegie Trust for the Universities of Scotland.