A new article by He Wang, Ted Tsung-Te Lai, and Romit Roy Choudhury has been published by the Systems Networking Research Group at U. of Illinois.
Imagine a user typing on a laptop keyboard while wearing a smart watch. This paper asks whether motion sensors from the watch can leak information about what the user is typing. While its not surprising that some information will be leaked, the ques- tion is how much? We find that when motion signal processing is combined with patterns in English language, the leakage is substantial. Reported results show that when a user types a word W , it is possible to shortlist a median of 24 words, such that W is in this shortlist. When the word is longer than 6 characters, the median shortlist drops to 10. Of course, such leaks happen without requiring any training from the user, and also under the (obvious) condition that the watch is only on the left hand. We believe this is surprising and merits awareness, especially in light of various continuous sensing apps that are emerging in the app market. Moreover, we discover additional “leaks” that can further reduce the shortlist – we leave these exploitations to future work.
Access the full paper here (pdf).
Thanks to Joe Cadillic for this link.