Mozilla Foundation Security Advisory 2011-45

Inferring keystrokes from motion data

Announced

September 27, 2011

Impact

Moderate

Products

Firefox, SeaMonkey

Fixed in

Firefox 7
SeaMonkey 2.4

Description

University of California, Davis researchers Liang Cai and Hao Chen presented a paper at the 2011 USENIX HotSec workshop on inferring keystrokes from device motion data on mobile devices. Web pages can now receive data similar to the apps studied in that paper and likely present a similar risk. We have decided to limit motion data events to the currently-active tab to prevent the possibility of background tabs attempting to decipher keystrokes the user is entering into the foreground tab.

References

Restrict DeviceMotion to the active document
HotSec '11 Workshop Sessions, "TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion"

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2011-45

Inferring keystrokes from motion data

Description

References