The pervasiveness of mobile devices increases the risk of exposing sensitive information on the go. In this paper, we raise this concern by presenting an automatic attack against modern touchscreen keyboards. We demonstrate the attack against the Apple iPhone—2010's most popular touchscreen device—although it can be adapted to other devices (e.g., Android) that employ similar key-magnifying keyboards. Our attack processes the stream of frames from a video camera (e.g., surveillance or portable camera) and recognizes keystrokes online, in a fraction of the time needed to perform the same task by direct observation or offline analysis of a recorded video, which can be infeasible for large amounts of data. Our attack detects, tracks, and rectifies the target touchscreen, thus following the device or camera's movements and eliminating possible perspective distortions and rotations. In real-world settings, our attack can automatically recognize up to 97.07 percent of the keystrokes (91.03 on average), with 1.15 percent of errors (3.16 on average) at a speed ranging from 37 to 51 keystrokes per minute.
@inproceedings{Maggi2011A_Fast,
  title     = {{A Fast Eavesdropping Attack Against Touchscreens}},
  author    = {Maggi, Federico and Volpatto, Alberto and Gasparini, Simone and Boracchi, Giacomo and Zanero, Stefano},
  booktitle = {Proceedings of the 7th International Conference on Information Assurance and Security},
  series    = {IAS},
  month     = {December},
  year      = {2011},
  isbn      = {978-1-4577-2154-0},
  pages     = {320--325}
}