|Yang Liu||City University of Hong Kong, Hong Kong|
|Zhenjiang Li||City University of Hong Kong, Hong Kong|
We revisit a crucial privacy problem in this paper-can the sensitive information, like the passwords and personal data, frequently typed by user on mobile devices be inferred through the motion sensors of wearable device on user's wrist, e.g., smart watch or wrist band? Existing works have achieved the initial success under certain context-aware conditions, such as 1) the horizontal keypad plane, 2) the known keyboard size, 3) and/or the last keystroke on a fixed "enter" button. Taking one step further, the key contribution of this paper is to fully demonstrate, more importantly alarm people, the further risks of typing privacy leakage in much more generalized context-free scenarios, which are related to most of us for the daily usage of mobile devices. We validate this feasibility by addressing a series of unsolved challenges and developing a prototype system aLeak. Extensive experiments show the efficacy of aLeak, which achieves promising successful rates in the attack from more than 300 rounds of different users' typings on various mobile platforms without any context-related information.