Go to OpenReview Archive homepageAcoustic Keystroke Leakage on Smart Televisions
Abstract: Smart Televisions (TVs) are internet-connected TVs
that support video streaming applications and web browsers.
Users enter information into Smart TVs through on-screen
virtual keyboards. These keyboards require users to navigate
between keys with directional commands from a remote controller.
Given the extensive functionality of Smart TVs, users
type sensitive information (e.g., passwords) into these devices,
making keystroke privacy necessary. This work develops and
demonstrates a new side-channel attack that exposes keystrokes
from the audio of two popular Smart TVs: Apple and Samsung.
This side-channel attack exploits how Smart TVs make different
sounds when selecting a key, moving the cursor, and deleting
a character. These properties allow an attacker to extract the
number of cursor movements between selections from the TV’s
audio. Our attack uses this extracted information to identify
the likeliest typed strings. Against realistic users, the attack
finds up to 33.33\% of credit card details and 60.19\% of
common passwords within 100 guesses. This vulnerability has
been acknowledged by Samsung and highlights how Smart TVs
must better protect sensitive data.
Loading