From electromyogram to password: Exploring the privacy impact of wearables in augmented reality

Ruide Zhang, Ning Zhang, Changlai Du, Wenjing Lou, Y. Thomas Hou, Yuichi Kawamoto

Research output: Contribution to journalArticle

2 Citations (Scopus)

Abstract

With the increasing popularity of augmented reality (AR) services, providing seamless human-computer interactions in the AR setting has received notable attention in the industry. Gesture control devices have recently emerged to be the next great gadgets for AR due to their unique ability to enable computer interaction with day-to-day gestures. While these AR devices are bringing revolutions to our interaction with the cyber world, it is also important to consider potential privacy leakages from these always-on wearable devices. Specifically, the coarse access control on current AR systems could lead to possible abuse of sensor data. Although the always-on gesture sensors are frequently quoted as a privacy concern, there has not been any study on information leakage of these devices. In this article, we present our study on side-channel information leakage of the most popular gesture control device, Myo. Using signals recorded from the electromyo-graphy (EMG) sensor and accelerometers on Myo, we can recover sensitive information such as passwords typed on a keyboard and PIN sequence entered through a touchscreen. EMG signal records subtle electric currents of muscle contractions. We design novel algorithms based on dynamic cumulative sum and wavelet transform to determine the exact time of finger movements. Furthermore, we adopt the Hudgins feature set in a support vector machine to classify recorded signal segments into individual fingers or numbers. We also apply coordinate transformation techniques to recover fine-grained spatial information with low-fidelity outputs from the sensor in keystroke recovery. We evaluated the information leakage using data collected from a group of volunteers. Our results show that there is severe privacy leakage from these commodity wearable sensors. Our system recovers complex passwords constructed with lowercase letters, uppercase letters, numbers, and symbols with a mean success rate of 91%.

Original languageEnglish
Article number13
JournalACM Transactions on Intelligent Systems and Technology
Volume9
Issue number1
DOIs
Publication statusPublished - 2017 Sep

Keywords

  • Augmented reality
  • EMG side-channel
  • Information leakage
  • Keystroke detection
  • PIN sequence inference

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Artificial Intelligence

Fingerprint Dive into the research topics of 'From electromyogram to password: Exploring the privacy impact of wearables in augmented reality'. Together they form a unique fingerprint.

  • Cite this