TouchSignatures : Identification of User Touch Actions and PINs Based on Mobile Sensor Data via JavaScript
- Submitting institution
-
University of York
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 54880577
- Type
- D - Journal article
- DOI
-
10.1016/j.jisa.2015.11.007
- Title of journal
- Journal of Information Security and Applications
- Article number
- -
- First page
- 23
- Volume
- 26
- Issue
- -
- ISSN
- 2214-2126
- Open access status
- Out of scope for open access requirements
- Month of publication
- January
- Year of publication
- 2016
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
-
3
- Research group(s)
-
-
- Citation count
- 22
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- As a direct result of this work (through responsible disclosure), all four major mobile browsers (Chrome, Firefox, Safari, and Opera) changed their access control policy in their subsequent updates. The vulnerability is acknowledged internationally as CVE-2016-2813. The W3C DeviceOrientation Event Specification standard has been revised with an explicit reference to this work. It inspired research on fine-grained permission models for JavaScript (JavaScript Zero, NDSS 2018) and received substantial international media coverage (BBC, Guardian, others in 10 languages). See cs.york.ac.uk/~siamak/touch-signatures.html for the details of industry impact and media coverage.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -