Heart of Betrayal: A PIN Inference Attack Leveraging Photoplethysmography on Wearables

Published: 01 Jan 2024, Last Modified: 25 Jul 2025, CSCWD 2024, CC BY-SA 4.0
Abstract: The widespread adoption of wrist wearables featuring a range of sensors has led to a substantial user base. Among these sensors, Photoplethysmography (PPG) sensors have gained prominence for their affordability and non-intrusive nature, particularly in the context of vital signs monitoring. However, PPG sensors, with their potential for gesture recognition, also have the ability to extract sensitive private information from users. PINs are the authentication method for many critical scenarios, so once a PIN is compromised, it can lead to unbearable consequences. In this study, we introduce PPGLogger, a new side-channel attack that leverages PPG sensors for PIN inference. PPGLogger effectively separates signals originating from heartbeats and keystrokes to minimize noise interference. Additionally, we devise a keystroke detection technique capable of identifying and segmenting individual keystroke signals within the waveforms. For the keystroke inference component, we employ a Rocket-based classifier to achieve precise keystroke recognition. Our extensive real-world experiments yield compelling findings. PPGLogger achieves an impressive accuracy rate of 76.3% in recognizing 10 digits. Furthermore, we demonstrate that PPGLogger can attain over 50% accuracy in classifying single keystrokes with a minimal dataset of just 28 samples, equivalent to merely 7 PIN entries. This underscores the efficacy and potential threat posed by PPGLogger in compromising user security.