Mozilla

Mozilla Foundation Security Advisory 2011-45

Inferring keystrokes from motion data

Announced
September 27, 2011
Impact
Moderate
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 7
  • SeaMonkey 2.4

Description

University of California, Davis researchers Liang Cai and Hao Chen presented a paper at the 2011 USENIX HotSec workshop on inferring keystrokes from device motion data on mobile devices. Web pages can now receive data similar to the apps studied in that paper and likely present a similar risk. We have decided to limit motion data events to the currently-active tab to prevent the possibility of background tabs attempting to decipher keystrokes the user is entering into the foreground tab.

References