MSc Defense: Rawan Abulibdeh

Skimming Smartphone PINs under Restrictive Conditions

Advisor: Dr. Hassan Khan
Advisory Committee: Dr. Charlie Obimbo
Advisory Committee: Dr. Stacey Scott

Attacks on Personal Identification Number (PIN) have become more widespread. PIN authentication is not only used in mobile devices but has also been found in bank security (e.g., ATM cards), and security of physical assets (e.g., homes). Mobile phones store nearly every aspect of personal data on it. Therefore, securing the PIN entry is one of the crucial avenues in this technological era. The use of a mobile device in any public area opens up the possibility of a shoulder surfing attacks on the device. In our work, we introduce a new video-based attack on a mobile device to decipher the PINs used for authentication. In our proposal, we use video clips of a person entering their PIN from a distance as far as 6 ft from the attacker. Our approach varies from the previous works as it does not require any visibility of the device's screen or the hand of the person entering the PIN. By using just, the tilt of the corner of the screen when a person enters their PIN, we aim to pinpoint the areas where the persons hand touched the screen and as a result, predict the PIN entered. We also aim to create and provide our own dataset of approximately 900 labelled videos that can be used for future studies.