Nearly every modern mobile device includes two cameras.
With advances in technology the resolution of these
sensors has constantly increased. While this development
provides great convenience for users, for example
with video-telephony or as dedicated camera replacement,
the secu
...
Nearly every modern mobile device includes two cameras.
With advances in technology the resolution of these
sensors has constantly increased. While this development
provides great convenience for users, for example
with video-telephony or as dedicated camera replacement,
the security implications of including high resolution
cameras on such devices has yet to be considered in
greater detail. With this paper we demonstrate that an
attacker may abuse the cameras in modern smartphones
to extract valuable information from a victim. First, we
consider exploiting a front-facing camera to capture a
user’s keystrokes. By observing facial reflections, it is
possible to capture user input with the camera. Subsequently,
individual keystrokes can be extracted from
the images acquired with the camera. Furthermore, we
demonstrate that these cameras can be used by an attacker
to extract and forge the fingerprints of a victim.
This enables an attacker to perform a wide range of malicious
actions, including authentication bypass on modern
biometric systems and falsely implicating a person
by planting fingerprints in a crime scene. Finally, we
introduce several mitigation strategies for the identified
threats.@en
