MOLE: Motion Leaks Through Smartwatch Sensors

Abstract

This research paper investigates privacy implications of wearable device sensors by demonstrating how motion patterns captured by smartwatch accelerometers and gyroscopes can be used to infer typing behavior and potentially reveal sensitive information.

Research Question

Can motion sensor data from smartwatches leak information about what users are typing on nearby keyboards? Our research demonstrates that attackers can exploit these sensors to infer keystroke patterns with concerning accuracy.

Methodology

• Data Collection: Built a web server using MongoDB to collect terabyte-scale sensor data from smartwatches
• Android Wear App: Developed energy-efficient app to capture accelerometer and gyroscope data via WiFi
• Algorithm Design: Modified Robust Linear Regression to eliminate time deviation
• Pattern Recognition: Designed Frequent Sequence Mining algorithm to recognize sensor data patterns
• Chrome Extension: Captured query history as training labels for machine learning

Key Findings

Our research demonstrated that:

• Smartwatch sensors can capture distinctive motion patterns during typing
• These patterns can be analyzed to infer keystroke sequences
• The attack works even when the smartwatch screen is off
• Certain typing patterns are more vulnerable than others

Impact & Implications

This research highlighted important privacy considerations for wearable devices and contributed to the broader conversation about sensor security. The findings informed recommendations for:

• Operating system-level sensor access controls
• User awareness about sensor permissions
• Hardware-level privacy protections
• Future smartwatch security design

Research Context

This work was conducted during my research internship at Purdue University in 2017, focusing on security and privacy implications of emerging IoT and wearable technologies.