{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T12:40:06Z","timestamp":1755866406486,"version":"3.44.0"},"reference-count":57,"publisher":"Association for Computing Machinery (ACM)","issue":"2","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Interact. Mob. Wearable Ubiquitous Technol."],"published-print":{"date-parts":[[2025,6,9]]},"abstract":"<jats:p>Recent years have shown substantial interest in revealing vulnerability issues of keystroke privacy on smartphones and tablets. While significant prior works have leveraged different techniques to compromise the keystroke security of these mobile devices, existing methods are typically executed on the basic assumption of white-box scenarios where the adversary possesses prior knowledge of the victim's device and usage behavior, or they are conducted within a pre-set trap attack environment. These limitations undermine the practicality and real-world applicability of the proposed methods. In this paper, we present KeyPrint, a practical black-box keystroke inference attack system for mobile devices, without requiring any prior knowledge of the victims and attack scenarios. The primary innovation of KeyPrint is the ability to leverage both on-device acoustic source and attenuation path disparities in device medium to create the fingerprint of keystroke position. To enable their differentiation, we design a theoretical model to represent the keystroke position with the keystroke-induced sonic effect (KiSe) captured by built-in microphones. We also propose a novel approach to mitigate the impact of ambient noise and detect keystroke events, which improves KeyPrint's wide-adaptability. Finally, we propose using machine learning to cluster KiSe samples and infer keystroke content from unlabelled clustering results. We implemented KeyPrint on commercial smartphones\/tablets and evaluate the prototypes in typical indoor and outdoor scenarios using different mobile devices. Experiments results demonstrate that KeyPrint can achieve an average accuracy of 55% and 70% for inference on keystroke content when the number of inputted words only reaches 30 and 40, respectively. Leveraging the spatial correlation between numeric and letter keys within the virtual keyboard, KeyPrint effectively reduces the search space for PINs from 10 digits to 10 candidates, with a probability of 63.9%.<\/jats:p>","DOI":"10.1145\/3729493","type":"journal-article","created":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T21:21:56Z","timestamp":1750281716000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["KeyPrint: Practical Black-box Keystroke Inference Attacks to Mobile Devices"],"prefix":"10.1145","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-9580-1769","authenticated-orcid":false,"given":"Yunpeng","family":"Feng","sequence":"first","affiliation":[{"name":"Hunan University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8268-2951","authenticated-orcid":false,"given":"Daibo","family":"Liu","sequence":"additional","affiliation":[{"name":"Hunan University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7610-3677","authenticated-orcid":false,"given":"Wenqiang","family":"Jin","sequence":"additional","affiliation":[{"name":"Hunan University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9067-8733","authenticated-orcid":false,"given":"Liangyi","family":"Gong","sequence":"additional","affiliation":[{"name":"Computer Network Information Center, Chinese Academy of Sciences, China"}]}],"member":"320","published-online":{"date-parts":[[2025,6,18]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2789168.2790109"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243755"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978397"},{"key":"e_1_2_1_4_1","first-page":"2016","article-title":"Privacy leakage in mobile sensing: Your unlock passwords can be leaked through wireless hotspot functionality","author":"Zhang Jie","year":"2016","unstructured":"Jie Zhang, Xiaolong Zheng, Zhanyong Tang, Tianzhang Xing, Xiaojiang Chen, Dingyi Fang, Rong Li, Xiaoqing Gong, and Feng Chen. Privacy leakage in mobile sensing: Your unlock passwords can be leaked through wireless hotspot functionality. Mobile Information Systems 2016, 2016.","journal-title":"Mobile Information Systems"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00010"},{"key":"e_1_2_1_6_1","volume-title":"Your eyes reveal your secrets: An eye movement based password inference on smartphone","author":"Wang Yao","year":"2019","unstructured":"Yao Wang, Wandong Cai, Tao Gu, and Wei Shao. Your eyes reveal your secrets: An eye movement based password inference on smartphone. IEEE transactions on mobile computing 19(11):2714--2730, 2019."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3286978.3287026"},{"key":"e_1_2_1_8_1","first-page":"9","article-title":"Inferring keystrokes on touch screen from smartphone motion","volume":"11","author":"Cai Liang","year":"2011","unstructured":"Liang Cai and Hao Chen. Touchlogger: Inferring keystrokes on touch screen from smartphone motion. HotSec 11(2011):9, 2011.","journal-title":"HotSec"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2162081.2162095"},{"key":"e_1_2_1_10_1","first-page":"323","volume-title":"Proceedings of the 10th international conference on Mobile systems, applications, and services (MobiSys'12)","author":"Miluzzo Emiliano","year":"2012","unstructured":"Emiliano Miluzzo, Alexander Varshavsky, Suhrid Balakrishnan, and Romit Roy Choudhury. Tapprints: your finger taps have fingerprints. In Proceedings of the 10th international conference on Mobile systems, applications, and services (MobiSys'12) pages 323--336, 2012."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2185448.2185465"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813668"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897905"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.2528\/PIERC13042302"},{"key":"e_1_2_1_15_1","first-page":"1","volume-title":"USENIX security symposium","author":"Vuagnoux Martin","year":"2009","unstructured":"Martin Vuagnoux and Sylvain Pasini. Compromising electromagnetic emanations of wired and wireless keyboards. In USENIX security symposium volume 8, pages 1--16, 2009."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/CIS.2011.146"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484549"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897847"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2018.8485958"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2019.8737591"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23130"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS47774.2020.00102"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2021.3137229"},{"volume-title":"https:\/\/www.kaspersky.com\/about\/press-releases\/2021_almost-a-quarter-of-online-users-always-allow-apps","year":"2021","key":"e_1_2_1_24_1","unstructured":"Kaspersky. https:\/\/www.kaspersky.com\/about\/press-releases\/2021_almost-a-quarter-of-online-users-always-allow-apps 2021."},{"key":"e_1_2_1_25_1","volume-title":"February","author":"Enhanced","year":"2024","unstructured":"Enhanced privacy controls with privacy indicators in android 12: https:\/\/source.android.com\/docs\/core\/permissions\/privacy-indicators, February 2024."},{"key":"e_1_2_1_26_1","volume-title":"December","author":"Visual","year":"2023","unstructured":"Visual indicators for microphone and camera usage in ios 14 and later: https:\/\/support.apple.com\/en-us\/108331, December 2023."},{"key":"e_1_2_1_27_1","volume-title":"Apirl","author":"User","year":"2023","unstructured":"User reactions when mobile apps not functioning without user permissions: https:\/\/www.statista.com\/statistics\/1111757\/china-permissions-protect-actions-of-mobile-app-users, Apirl 2023."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.3991\/ijim.v11i3.6605"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3498361.3538937"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3386901.3388939"},{"key":"e_1_2_1_31_1","volume-title":"Acoustics---attenuation of sound during propagation outdoors---part 1: Calculation of the absorption of sound by the atmosphere","author":"ISO","year":"1993","unstructured":"ISO 9613-1. Acoustics---attenuation of sound during propagation outdoors---part 1: Calculation of the absorption of sound by the atmosphere, 1993."},{"key":"e_1_2_1_32_1","first-page":"629","volume-title":"IEEE International Conference on Acoustics, Speech, and Signal Processing Conference Proceedings (ICASSP'96)","volume":"2","author":"Pascal","year":"1996","unstructured":"Pascal Scalart et al. Speech enhancement based on a priori signal to noise estimation. In IEEE International Conference on Acoustics, Speech, and Signal Processing Conference Proceedings (ICASSP'96) volume 2, pages 629--632. IEEE, 1996."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594368.2594384"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23059"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1162\/014892699559797"},{"key":"e_1_2_1_36_1","first-page":"281","volume-title":"Proceedings of the fifth Berkeley symposium on mathematical statistics and probability","volume":"1","author":"James","year":"1967","unstructured":"James MacQueen et al. Some methods for classification and analysis of multivariate observations. In Proceedings of the fifth Berkeley symposium on mathematical statistics and probability volume 1, pages 281--297. Oakland, CA, USA, 1967."},{"key":"e_1_2_1_37_1","volume-title":"Estimating the number of clusters in a data set via the gap statistic. Journal of the Royal Statistical Society: Series B (Statistical Methodology) 63(2):411--423","author":"Tibshirani Robert","year":"2001","unstructured":"Robert Tibshirani, Guenther Walther, and Trevor Hastie. Estimating the number of clusters in a data set via the gap statistic. Journal of the Royal Statistical Society: Series B (Statistical Methodology) 63(2):411--423, 2001."},{"key":"e_1_2_1_38_1","unstructured":"What speed target should i aim for?"},{"key":"e_1_2_1_39_1","unstructured":"2000 common word list December 2013."},{"key":"e_1_2_1_40_1","unstructured":"3000 common word list Apirl 2015."},{"key":"e_1_2_1_41_1","volume-title":"April","author":"Runtime","year":"2024","unstructured":"Runtime permissions in android 6.0 and higher: https:\/\/developer.android.com\/training\/permissions\/usage-notes, April 2024."},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660360"},{"key":"e_1_2_1_43_1","first-page":"1063","volume-title":"Proceedings of the 2013 ACM SIGSAC conference on Computer and communications security (CCS'13)","author":"Xu Yi","year":"2013","unstructured":"Yi Xu, Jared Heinly, Andrew M White, Fabian Monrose, and Jan-Michael Frahm. Seeing double: Reconstructing obscured typed input from repeated compromising reflections. In Proceedings of the 2013 ACM SIGSAC conference on Computer and communications security (CCS'13) pages 1063--1074, 2013."},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23060"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.20"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.25"},{"key":"e_1_2_1_47_1","first-page":"527","volume-title":"Proceedings of the 18th ACM conference on Computer and communications security (CCS'11)","author":"Raguram Rahul","year":"2011","unstructured":"Rahul Raguram, Andrew M White, Dibyendusekhar Goswami, Fabian Monrose, and Jan-Michael Frahm. ispy: automatic reconstruction of typed input from compromising reflections. In Proceedings of the 18th ACM conference on Computer and communications security (CCS'11) pages 527--536, 2011."},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623088"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM41043.2020.9155447"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44371-2_25"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-015-9224-2"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180436"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2789168.2790122"},{"key":"e_1_2_1_54_1","volume-title":"Keyboard acoustic emanations revisited. ACM Transactions on Information and System Security (TISSEC'09) 13(1):1--26","author":"Zhuang Li","year":"2009","unstructured":"Li Zhuang, Feng Zhou, and J Doug Tygar. Keyboard acoustic emanations revisited. ACM Transactions on Information and System Security (TISSEC'09) 13(1):1--26, 2009."},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660296"},{"key":"e_1_2_1_56_1","first-page":"155","volume-title":"Proceedings of the 21st Annual International Conference on Mobile Computing and Networking, MobiCom 2015","author":"Wang He","year":"2015","unstructured":"He Wang, Ted Tsung-Te Lai, and Romit Roy Choudhury. Mole: Motion leaks through smartwatch sensors. In Proceedings of the 21st Annual International Conference on Mobile Computing and Networking, MobiCom 2015, Paris, France, September 7-11, 2015 pages 155--166. ACM, 2015."},{"key":"e_1_2_1_57_1","first-page":"3033","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022","author":"Yang Edwin","year":"2022","unstructured":"Edwin Yang, Qiuye He, and Song Fang. WINK: wireless inference of numerical keystrokes via zero-training spatiotemporal analysis. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, CA, USA, November 7-11, 2022 pages 3033--3047. ACM, 2022."}],"container-title":["Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3729493","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T12:25:01Z","timestamp":1755865501000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3729493"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,9]]},"references-count":57,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,6,9]]}},"alternative-id":["10.1145\/3729493"],"URL":"https:\/\/doi.org\/10.1145\/3729493","relation":{},"ISSN":["2474-9567"],"issn-type":[{"type":"electronic","value":"2474-9567"}],"subject":[],"published":{"date-parts":[[2025,6,9]]},"assertion":[{"value":"2025-06-18","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}