International Journal of Engineering and Advanced Technology (IJEAT) ISSN: 2249 – 8958, Volume-9 Issue-2, December, 2019 1132 Published By: Blue Eyes Intelligence Engineering & Sciences Publication Retrieval Number: B3432129219/2019©BEIESP DOI: 10.35940/ijeat.B3432.129219 Abstract: Over the past years, smartphones have witnessed an alarming rise in embedded sensors which enhance their support for applications. However, they can be regarded as loopholes as seemingly innocuous information can be obtained without any user permissions in Android thus invading the user’s privacy. Our work establishes a side channel attack by illegitimately inferring the information being typed by the user on a smartphone using the readings from ‘zero-permission’ sensors like accelerometer and gyroscope. This serves as a proof of concept to prevent such attacks on mobile devices in the future. While previous research has been conducted in this space, our narrative involves a predictive model using Recurrent Neural Networks that can predict the letters being typed in the keyboard solely based on the motion sensor readings, thus inferring the text. Our research was able to identify 37.5% of the unseen words typed by the user using a very small volume of training data. Our tap detection method has shown 92% accuracy which plays a critical role in the text inference. This research lays the foundation to further progress in this area, thus helping to strengthen the mobile security. Index Terms— Android, Security, Side-channel attack, LSTM I. INTRODUCTION The usage of smart mobile devices for personal and business purposes has seen immense rise in popularity over the last decade. From communication to payments, mobile devices have applications in almost all domains. This drastic shift in the usage of mobile devices has increased the amount of potentially sensitive material and activity performed on them. These smartphones have become increasingly personal and thus privacy has become a crucial issue and much research has been performed on the permissions model governing them. Our work explores one particular way to bypass this security model such that one application can read the data being typed in another application. Sensors like gyroscope, accelerometer and orientation sensors have originally been designed to monitor a user’s location, movement, orientation, altitude and other such potential information. However, previous research has Revised Manuscript Received on December 15, 2019. * Correspondence Author Dr. P Uma Maheswari, School of Computer Science and Engineering, CEG, Anna University, Chennai, India, Email: dr.umasundar@gmail.com Mohamed Yilmaz Ibrahim*, School of Computer Science and Engineering, CEG, Anna University, Chennai, India. Email: mohamedyilmaz98@gmail.com Ramkumar B, School of Computer Science and Engineering, CEG, Anna University, Chennai, India. Email: therealramkumar@gmail.com Aswin Sundar, School of Computer Science and Engineering, CEG, Anna University, Chennai, India. Email: aswinsundar17@gmail.com confirmed that motion sensors can act as a side channel for inferring the user’s keystroke or input information on smartphones. Thus, applications are specifically being designed by attackers to collect data from these motion sensors and perform text inference attacks with the help of machine learning algorithms. This can prove critical to the users as even their sensitive information such as passwords or credit card information can be extracted. The main objectives of this work are as follows: 1) To prove that an app in the background can infer the information being typed in another application through the sensor readings. 2) To employ Deep Learning and Natural Language Processing techniques to deduce the typed information. We employ traditional classification methods such as RMSE as well as deep neural networks to infer the typed sentences. By grouping keyboard keys into larger regions, the tap position can be determined more accurately and a language model is used to localize the region into one of the keys thus improving the overall inference. This paper continues in Section 2 with a discussion of the academic background to this research, Section 3 then explores the system architecture and the design whilst Section 4 discusses the analysis of the experimental data. Finally, the conclusion of the paper is explored in Section 5. II. RELATED WORK According to the work by Genkin et al. [1], the scope of applications in smartphones has seen a drastic increase and as a result they have become more personal making us inseparable from our smartphones. Thus, it becomes crucial for us to secure the mobile devices. TouchLogger [2] was a smartphone application designed to serve the purpose of inferring the keystrokes made on a soft keyboard based exclusively on the vibrations recorded by the smartphone’s motion sensors. Their research had successfully inferred more than 70% of the keystrokes using only the accelerometer sensor of the device. However, this work had a restriction as it has been focused specifically on inferring the keystrokes from a numeric keyboard. Similarly, Xu et al. present TapLogger [3], an approach that looks to infer an individual’s taps on a numeric keyboard using a smartphone’s accelerometer and gyroscope. This work has enhanced functionality as it had laid attention on identifying single taps, which are more susceptible to distortion by linear drift. Deep Learning and NLP based Side Channel Attack for Text Inference in Smartphones P Uma Maheswari, Mohamed Yilmaz Ibrahim, Ramkumar B, Aswin Sundar