{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T14:30:27Z","timestamp":1775745027670,"version":"3.50.1"},"reference-count":29,"publisher":"Association for Computing Machinery (ACM)","issue":"MHCI","license":[{"start":{"date-parts":[[2022,9,19]],"date-time":"2022-09-19T00:00:00Z","timestamp":1663545600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["425869382"],"award-info":[{"award-number":["425869382"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Hum.-Comput. Interact."],"published-print":{"date-parts":[[2022,9,19]]},"abstract":"This paper contributes to our understanding of user-centered attacks on smartphones. In particular, we investigate the likelihood of so-called shoulder surfing attacks during touch-based unlock events and provide insights into users' views and perceptions. To do so, we ran a two-week in-the-wild study (N=12) in which we recorded images with a 180-degree field of view lens that was mounted on the smartphone's front-facing camera. In addition, we collected contextual information and allowed participants to assess the situation. We found that only a small fraction of shoulder surfing incidents that occur during authentication are actually perceived as threatening. Furthermore, our findings suggest that our notions of (un)safe places need to be rethought. Our work is complemented by a discussion of implications for future user-centered attack-aware systems. This work can serve as a basis for usable security researchers to better design systems against user-centered attacks.<\/jats:p>","DOI":"10.1145\/3546742","type":"journal-article","created":{"date-parts":[[2022,9,20]],"date-time":"2022-09-20T23:14:30Z","timestamp":1663715670000},"page":"1-14","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["An Investigation of Shoulder Surfing Attacks on Touch-Based Unlock Events"],"prefix":"10.1145","volume":"6","author":[{"given":"Stefan","family":"Schneegass","sequence":"first","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]},{"given":"Alia","family":"Saad","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]},{"given":"Roman","family":"Heger","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Essen, Germany"}]},{"given":"Sarah","family":"Delgado Rodriguez","sequence":"additional","affiliation":[{"name":"University of the Bundeswehr, M\u00fcnchen, Germany"}]},{"given":"Romina","family":"Poguntke","sequence":"additional","affiliation":[{"name":"KUKA Deutschland GmbH, Augsburg, Germany"}]},{"given":"Florian","family":"Alt","sequence":"additional","affiliation":[{"name":"University of the Bundeswehr, Munich, Germany"}]}],"member":"320","published-online":{"date-parts":[[2022,9,20]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Understanding Shoulder Surfer Behavior Using Virtual Reality. In 2022 IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops (VRW). 576--577","author":"Abdrabou Yasmeen","year":"2022","unstructured":"Yasmeen Abdrabou , Radiah Rivu , Tarek Ammar , Jonathan Liebers , Alia Saad , Carina Liebers , Uwe Gruenefeld , Pascal Knierim , Mohamed Khamis , Ville M\u00e4kel\u00e4 , Stefan Schneegass , and Florian Alt . 2022 . Understanding Shoulder Surfer Behavior Using Virtual Reality. In 2022 IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops (VRW). 576--577 . https:\/\/doi.org\/10.1109\/VRW55335.2022.00139 10.1109\/VRW55335.2022.00139 Yasmeen Abdrabou, Radiah Rivu, Tarek Ammar, Jonathan Liebers, Alia Saad, Carina Liebers, Uwe Gruenefeld, Pascal Knierim, Mohamed Khamis, Ville M\u00e4kel\u00e4, Stefan Schneegass, and Florian Alt. 2022. Understanding Shoulder Surfer Behavior Using Virtual Reality. In 2022 IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops (VRW). 576--577. https:\/\/doi.org\/10.1109\/VRW55335.2022.00139"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3531073.3531106"},{"key":"e_1_2_1_3_1","volume-title":"A Survey on Smartphones Security: Software Vulnerabilities, Malware, and Attacks. CoRR abs\/2001.09406","author":"Ahvanooey Milad Taleby","year":"2020","unstructured":"Milad Taleby Ahvanooey , Qianmu Li , Mahdi Rabbani , and Ahmed Raza Rajput . 2020. A Survey on Smartphones Security: Software Vulnerabilities, Malware, and Attacks. CoRR abs\/2001.09406 ( 2020 ). arXiv:2001.09406 https: \/\/arxiv.org\/abs\/2001.09406 Milad Taleby Ahvanooey, Qianmu Li, Mahdi Rabbani, and Ahmed Raza Rajput. 2020. A Survey on Smartphones Security: Software Vulnerabilities, Malware, and Attacks. CoRR abs\/2001.09406 (2020). arXiv:2001.09406 https: \/\/arxiv.org\/abs\/2001.09406"},{"key":"e_1_2_1_4_1","first-page":"576","article-title":"PrivacyScout: Assessing Vulnerability to Shoulder Surfing on Mobile Devices","volume":"1","author":"Bace Mihai","year":"2022","unstructured":"Mihai Bace , Alia Saad , Mohamed Khamis , Stefan Schneegass , and Andreas Bulling . 2022 . PrivacyScout: Assessing Vulnerability to Shoulder Surfing on Mobile Devices . In Proceedings on Privacy Enhancing Technologies , Vol. 1. 576 -- 577 . Mihai Bace, Alia Saad, Mohamed Khamis, Stefan Schneegass, and Andreas Bulling. 2022. PrivacyScout: Assessing Vulnerability to Shoulder Surfing on Mobile Devices. In Proceedings on Privacy Enhancing Technologies, Vol. 1. 576--577.","journal-title":"Proceedings on Privacy Enhancing Technologies"},{"key":"e_1_2_1_5_1","unstructured":"VA Brennen. 2005. Cryptography Dictionary. VA Brennen. 2005. Cryptography Dictionary."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1378063.1378122"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025636"},{"key":"e_1_2_1_8_1","volume-title":"Symposium on usable privacy and security (SOUPS). 213--230","author":"Harbach Marian","year":"2014","unstructured":"Marian Harbach , Emanuel Von Zezschwitz , Andreas Fichtner , Alexander De Luca , and Matthew Smith . 2014 . It's a hard lock life: A field study of smartphone (un) locking behavior and risk perception . In Symposium on usable privacy and security (SOUPS). 213--230 . Marian Harbach, Emanuel Von Zezschwitz, Andreas Fichtner, Alexander De Luca, and Matthew Smith. 2014. It's a hard lock life: A field study of smartphone (un) locking behavior and risk perception. In Symposium on usable privacy and security (SOUPS). 213--230."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2851581.2892314"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3152832.3152851"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3136755.3136809"},{"key":"e_1_2_1_12_1","volume-title":"Symposium on Usable Privacy and Security (SOUPS). 207--219","author":"Krombholz Katharina","year":"2016","unstructured":"Katharina Krombholz , Thomas Hupperich , and Thorsten Holz . 2016 . Use the force: Evaluating force-sensitive authentication for mobile devices . In Symposium on Usable Privacy and Security (SOUPS). 207--219 . Katharina Krombholz, Thomas Hupperich, and Thorsten Holz. 2016. Use the force: Evaluating force-sensitive authentication for mobile devices. In Symposium on Usable Privacy and Security (SOUPS). 207--219."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2017.78"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1280680.1280683"},{"key":"e_1_2_1_15_1","volume-title":"TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems. computers & security 42","author":"Kwon Taekyoung","year":"2014","unstructured":"Taekyoung Kwon and Sarang Na. 2014. TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems. computers & security 42 ( 2014 ), 137--150. Taekyoung Kwon and Sarang Na. 2014. TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems. computers & security 42 (2014), 137--150."},{"key":"e_1_2_1_16_1","volume-title":"Snooping on Mobile Phones: Prevalence and Trends. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016","author":"Marques Diogo","year":"2016","unstructured":"Diogo Marques , Ildar Muslukhov , Tiago Guerreiro , Lu\u00eds Carri\u00e7o , and Konstantin Beznosov . 2016 . Snooping on Mobile Phones: Prevalence and Trends. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016 ). USENIX Association, Denver, CO, 159--174. https:\/\/www.usenix.org\/conference\/soups 2016\/technical-sessions\/presentation\/marques Diogo Marques, Ildar Muslukhov, Tiago Guerreiro, Lu\u00eds Carri\u00e7o, and Konstantin Beznosov. 2016. Snooping on Mobile Phones: Prevalence and Trends. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016). USENIX Association, Denver, CO, 159--174. https:\/\/www.usenix.org\/conference\/soups2016\/technical-sessions\/presentation\/marques"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2725199"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.03.007"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3282894.3282919"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3447526.3472058"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2406367.2406384"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2632048.2636090"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2911171"},{"key":"e_1_2_1_24_1","unstructured":"Jake Singh Jackson Wheeler Nicholas Fong and Sanjeev Chaudhary. 2019. A Comparison of Public Cloud Computer Vision Services. Jake Singh Jackson Wheeler Nicholas Fong and Sanjeev Chaudhary. 2019. A Comparison of Public Cloud Computer Vision Services."},{"key":"e_1_2_1_25_1","volume-title":"Tactile One-Time Pad: LeakageResilient Authentication for Smartphones","author":"Uellenbeck Sebastian","unstructured":"Sebastian Uellenbeck , Thomas Hupperich , Christopher Wolf , and Thorsten Holz . 2015. Tactile One-Time Pad: LeakageResilient Authentication for Smartphones . In Financial Cryptography and Data Security, Rainer B\u00f6hme and Tatsuaki Okamoto (Eds.). Springer Berlin Heidelberg , Berlin, Heidelberg , 237--253. Sebastian Uellenbeck, Thomas Hupperich, Christopher Wolf, and Thorsten Holz. 2015. Tactile One-Time Pad: LeakageResilient Authentication for Smartphones. In Financial Cryptography and Data Security, Rainer B\u00f6hme and Tatsuaki Okamoto (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 237--253."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702212"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133265.1133303"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2014.6766089"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2012.198"}],"container-title":["Proceedings of the ACM on Human-Computer Interaction"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3546742","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3546742","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:00:40Z","timestamp":1750186840000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3546742"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,9,19]]},"references-count":29,"journal-issue":{"issue":"MHCI","published-print":{"date-parts":[[2022,9,19]]}},"alternative-id":["10.1145\/3546742"],"URL":"https:\/\/doi.org\/10.1145\/3546742","relation":{},"ISSN":["2573-0142"],"issn-type":[{"value":"2573-0142","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,9,19]]},"assertion":[{"value":"2022-09-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}