UltraPIN: Inferring PIN entries via ultrasound

Author

LIU
Ximing
Robert H. DENG, Singapore Management UniversityFollow
Robert H. DENG

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

6-2021

Abstract

While PIN-based user authentication systems such as ATM have long been considered to be secure enough, they are facing new attacks, named UltraPIN, which can be launched from commodity smartphones. As a target user enters a PIN on a PIN-based user authentication system, an attacker may use UltraPIN to infer the PIN from a short distance (50 cm to 100 cm). In this process, UltraPIN leverages smartphone speakers to issue human-inaudible ultrasound signals and uses smartphone microphones to keep recording acoustic signals. It applies a series of signal processing techniques to extract high-quality feature vectors from low-energy and high-noise signals and then applies a combination of machine learning models to classify finger movement patterns during PIN entry and generate a ranked list of highly possible PINs as result. Rigorous experiments show that UltraPIN is highly effective and robust in PIN inference

Keywords

acoustic attack, authentication, doppler effect, PIN

Discipline

Computer and Systems Architecture | Information Security

Research Areas

Cybersecurity

Publication

Proceedings of the ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2021)

First Page

944

Last Page

957

ISBN

9781450382878

Identifier

10.1145/3433210.3453075

City or Country

Online

Citation

LIU; Ximing; DENG, Robert H.; and DENG, Robert H.. UltraPIN: Inferring PIN entries via ultrasound. (2021). Proceedings of the ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2021). 944-957.
Available at: https://ink.library.smu.edu.sg/sis_research/6453

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.