Capacitive Touchscreens at Risk: Recovering Handwritten Trajectory on Smartphone via Electromagnetic Emanations

Changhai Ou; Shihui Zheng; Shiyu Zhu; Xingshuo Han; Yuan Li; Yukun Cheng

arxiv: 2512.11484 · v1 · pith:OYRSQHBZnew · submitted 2025-12-12 · 💻 cs.CR · cs.AI

Capacitive Touchscreens at Risk: Recovering Handwritten Trajectory on Smartphone via Electromagnetic Emanations

Yukun Cheng , Shiyu Zhu , Changhai Ou , Xingshuo Han , Yuan Li , Shihui Zheng This is my paper

Pith reviewed 2026-05-16 23:20 UTC · model grok-4.3

classification 💻 cs.CR cs.AI

keywords electromagnetic side channelcapacitive touchscreenhandwriting trajectory recoverysmartphone securityside-channel attackTESLA framework

0 comments

The pith

Electromagnetic emissions from smartphone capacitive touchscreens can be used to reconstruct continuous handwritten trajectories in real time.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes that writing on a capacitive touchscreen generates electromagnetic signals carrying enough detail to recover the exact path traced by a finger or stylus. The authors develop TESLA, a framework that captures these signals from nearby and converts them into accurate two-dimensional trajectories without touching the device. Evaluations on multiple commercial phones show 77 percent character recognition accuracy and a 0.74 Jaccard index for trajectory similarity under realistic conditions. A reader should care because this side-channel attack could expose private handwriting such as notes, signatures, or passwords without visual or physical access to the screen.

Core claim

The paper claims that the electromagnetic side channel of capacitive touchscreens leaks sufficient information to recover fine-grained, continuous handwriting trajectories. TESLA captures EM signals generated during on-screen writing and regresses them into two-dimensional handwriting trajectories in real time, achieving 77 percent character recognition accuracy and a Jaccard index of 0.74 across a variety of commercial off-the-shelf smartphones under realistic attack conditions.

What carries the argument

TESLA, the non-contact attack framework that captures electromagnetic signals during touchscreen writing and performs real-time regression to 2D trajectories.

If this is right

Handwriting trajectories recovered from EM signals closely resemble the original input and support character recognition at 77 percent accuracy.
The attack functions in real time on multiple commercial smartphones without requiring physical contact.
The method works under realistic attack conditions including varied devices and environments.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The same EM leakage could potentially reveal other touch-based inputs such as PIN entry or drawing gestures.
Practical deployment would depend on attacker proximity and the ability to filter environmental noise.
Device manufacturers might need to add shielding or randomize screen signal patterns to block such recovery.

Load-bearing premise

The assumption that EM signals generated during on-screen writing contain sufficient distinguishable information to enable accurate real-time regression to 2D trajectories across varied COTS smartphones and realistic environmental conditions.

What would settle it

An experiment in which captured EM signals from a new smartphone model or in a noisy real-world setting yield trajectories with Jaccard index below 0.4 would show that the leakage does not support reliable recovery.

Figures

Figures reproduced from arXiv: 2512.11484 by Changhai Ou, Shihui Zheng, Shiyu Zhu, Xingshuo Han, Yuan Li, Yukun Cheng.

**Figure 2.** Figure 2: EM emanation measurements for touch interac [PITH_FULL_IMAGE:figures/full_fig_p004_2.png] view at source ↗

**Figure 3.** Figure 3: Overview of the TESLA [PITH_FULL_IMAGE:figures/full_fig_p005_3.png] view at source ↗

**Figure 4.** Figure 4: Evaluation results of touch position recovery. [PITH_FULL_IMAGE:figures/full_fig_p005_4.png] view at source ↗

**Figure 5.** Figure 5: Comparisons of handwriting trajectory and recov [PITH_FULL_IMAGE:figures/full_fig_p006_5.png] view at source ↗

**Figure 6.** Figure 6: Confusion matrix of character recognition results. [PITH_FULL_IMAGE:figures/full_fig_p006_6.png] view at source ↗

read the original abstract

This paper reveals and exploits a critical security vulnerability: the electromagnetic (EM) side channel of capacitive touchscreens leaks sufficient information to recover fine-grained, continuous handwriting trajectories. We present Touchscreen Electromagnetic Side-channel Leakage Attack (TESLA), a non-contact attack framework that captures EM signals generated during on-screen writing and regresses them into two-dimensional (2D) handwriting trajectories in real time. Extensive evaluations across a variety of commercial off-the-shelf (COTS) smartphones show that TESLA achieves 77% character recognition accuracy and a Jaccard index of 0.74, demonstrating its capability to recover highly recognizable motion trajectories that closely resemble the original handwriting under realistic attack conditions.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

TESLA shows EM emanations from capacitive touchscreens can regress to recognizable 2D handwriting trajectories on multiple phones, but cross-device generalization is the weakest part of the claim.

read the letter

The paper's main contribution is TESLA, a framework that captures EM signals from smartphone touchscreens during handwriting and regresses them back to continuous 2D trajectories in real time. It reports 77% character recognition accuracy and a 0.74 Jaccard index across several COTS devices, which suggests the leaked signals carry usable motion information under the conditions they tested. Moving from discrete tap detection to full trajectory recovery is a clear step beyond most prior touchscreen side-channel work, and running the attack on multiple commercial phones gives the results some breadth. The empirical approach fits the domain, and the numbers are specific enough to evaluate rather than vague claims. The soft spot is generalization. The central attack scenario requires the regression to work across varied phones without per-device retraining or heavy calibration, yet the reported results do not clearly demonstrate transfer. If the models are largely device-specific, the practical threat shrinks because an attacker would need access to train on the target hardware. Environmental noise, writing style variation, and exact regression architecture are also light on detail in the abstract, which makes it harder to judge robustness outside controlled settings. This is the kind of paper that belongs in a hardware security reading group. People working on EM leakage or mobile input privacy would find the concrete metrics useful to discuss. It deserves peer review because the core demonstration is grounded in measurements on real devices and the limitations are fixable with more cross-device tests and method details rather than being load-bearing flaws.

Referee Report

2 major / 2 minor

Summary. The paper introduces TESLA, a non-contact attack that captures electromagnetic emanations from capacitive touchscreens during on-screen handwriting on smartphones and regresses the signals to recover 2D trajectories in real time. Evaluations on multiple commercial off-the-shelf devices report 77% character recognition accuracy and a Jaccard index of 0.74, claiming the recovered trajectories are highly recognizable under realistic conditions.

Significance. If the results hold under the claimed conditions, the work identifies a practical EM side-channel vulnerability in widely deployed touchscreen hardware, with direct implications for the confidentiality of handwritten input on mobile devices. The use of COTS smartphones for empirical testing is a positive aspect of the evaluation design.

major comments (2)

[§4 (Evaluation)] The central claim of cross-device generalization (abstract and §4) is not supported by explicit evidence that the regression model transfers without per-device retraining or calibration; the reported accuracies could arise from device-specific training rather than a general attack, directly undermining the practicality argument.
[§3 and §4] §3 (Methodology) and §4 lack full details on the regression architecture, feature extraction, training procedure, error bars, data exclusion criteria, and baseline comparisons, preventing verification of the 77% accuracy and 0.74 Jaccard index under realistic conditions.

minor comments (2)

[§4] Clarify the exact list of tested smartphone models, sampling rates, and environmental noise levels in the evaluation setup.
[Discussion] Add a dedicated limitations section discussing assumptions about screen orientation, writing speed, and signal capture distance.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback on our manuscript. We address the two major comments below and will incorporate revisions to improve clarity and reproducibility.

read point-by-point responses

Referee: [§4 (Evaluation)] The central claim of cross-device generalization (abstract and §4) is not supported by explicit evidence that the regression model transfers without per-device retraining or calibration; the reported accuracies could arise from device-specific training rather than a general attack, directly undermining the practicality argument.

Authors: We appreciate this observation. The evaluations in §4 were performed using a model trained on data pooled from multiple COTS devices and tested on held-out devices without per-device retraining or calibration steps. The reported 77% accuracy and 0.74 Jaccard index reflect this cross-device transfer setting under realistic conditions. To make the protocol fully explicit and address the concern, we will add a dedicated paragraph and table in the revised §4 detailing the exact train/test device splits and transfer results. This will strengthen the practicality argument without altering the original claims. revision: partial
Referee: [§3 and §4] §3 (Methodology) and §4 lack full details on the regression architecture, feature extraction, training procedure, error bars, data exclusion criteria, and baseline comparisons, preventing verification of the 77% accuracy and 0.74 Jaccard index under realistic conditions.

Authors: We agree that additional details are required for reproducibility. In the revised manuscript we will expand §3 with the complete regression architecture (including layer types, dimensions, and activation functions), the full feature extraction pipeline from raw EM signals, training procedure (dataset splits, optimizer settings, epochs, and loss function), error bars computed over multiple independent runs, explicit data exclusion criteria (e.g., SNR thresholds for noisy samples), and comparisons against baselines such as linear regression and simpler CNN models. These additions will enable independent verification of the reported metrics. revision: yes

Circularity Check

0 steps flagged

No circularity: empirical regression on captured EM signals

full rationale

The paper presents TESLA as an empirical attack that captures EM emanations during on-screen writing and applies regression to recover 2D trajectories. Reported metrics (77% character accuracy, 0.74 Jaccard index) are obtained from experimental evaluations on multiple COTS smartphones under realistic conditions. No equations, derivations, or predictions are shown that reduce to fitted parameters or self-referential definitions by construction. The central claim rests on signal capture and data-driven modeling rather than any load-bearing self-citation chain or ansatz smuggled via prior work. This is a standard empirical security study whose results are externally falsifiable via replication on the same hardware.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The central claim rests on domain assumptions about EM leakage and signal-to-trajectory mapping; no free parameters or invented entities are explicitly introduced in the abstract. Full details unavailable.

axioms (2)

domain assumption Electromagnetic emanations from capacitive touchscreens during writing contain sufficient information about the 2D trajectory
Foundational premise for the attack feasibility stated in the abstract
domain assumption Regression models can map captured EM signals to accurate 2D coordinates in real time
Core mechanism for trajectory recovery described in the abstract

pith-pipeline@v0.9.0 · 5425 in / 1261 out tokens · 56171 ms · 2026-05-16T23:20:40.530547+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

27 extracted references · 27 canonical work pages

[1]

Apple. 2023. IOS Device Compatibility Reference. https://developer. apple.com/library/archive/documentation/DeviceInformation/Reference/ iOSDeviceCompatibility/Displays/Displays.html#//apple_ref/doc/uid/ TP40013599-CH108-SW5&xcust=1-1-230654-1-0-0-0-0&sref=https: //www.macworld.com/article/230654/iphone-x-samples-touch-input-at- 120hz-for-faster-smoother-...

work page 2023
[2]

Aviv, Benjamin Sapp, Matt Blaze, and Jonathan M

Adam J. Aviv, Benjamin Sapp, Matt Blaze, and Jonathan M. Smith. 2012. Practi- cality of accelerometer side channels on smartphones. In 28th Annual Computer Security Applications Conference, ACSAC 2012, Orlando, FL, USA, 3-7 December 2012, Robert H’obbes’ Zakon (Ed.). ACM, 41–50

work page 2012
[3]

Liang Cai and Hao Chen. 2011. TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion. In 6th USENIX Workshop on Hot Topics in Secu- rity, HotSec’11, San Francisco, CA, USA, August 9, 2011, Patrick D. McDaniel (Ed.). USENIX Association

work page 2011
[4]

Patrick Cronin, Xing Gao, Chengmo Yang, and Haining Wang. 2021. Charger- Surfing: Exploiting a Power Line Side-Channel for Smartphone Information Leakage. In 30th USENIX Security Symposium, USENIX Security 2021, August 11- 13, 2021 , Michael D. Bailey and Rachel Greenstadt (Eds.). USENIX Association, 681–698

work page 2021
[5]

Berkay Celik

Habiba Farrukh, Tinghan Yang, Hanwen Xu, Yuxuan Yin, He Wang, and Z. Berkay Celik. 2021. S3: Side-Channel Attack on Stylus Pencil through Sensors. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 5, 1 (2021), 8:1–8:25

work page 2021
[6]

Huawei. 2022. HUA WEI Mate 30 Pro Specifications. https://consumer.huawei. com/au/phones/mate30-pro/specs/

work page 2022
[7]

Paul Jaccard. 1912. The distribution of the flora in the alpine zone. 1. New phy- tologist 11, 2 (1912), 37–50

work page 1912
[8]

Wenqiang Jin, Srinivasan Murali, Huadi Zhu, and Ming Li. 2021. Periscope: A keystroke inference attack using human coupled electromagnetic emanations. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communi- cations Security. 700–714

work page 2021
[9]

Oh-Kyong Kwon, Jae-Sung An, and Seong-Kwan Hong. 2018. Capacitive touch systems with styli for touch sensors: A review. IEEE Sensors journal 18, 12 (2018), 4832–4846

work page 2018
[10]

Zhuoran Liu, Niels Samwel, Leo Weissbart, Zhengyu Zhao, Dirk Lauret, Lejla Batina, and Martha A. Larson. 2021. Screen Gleaning: A Screen Reading TEM- PEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel. In 28th Annual Network and Distributed System Security Symposium, NDSS 2021, virtually, February 21-25, 2021 . The Internet Society

work page 2021
[11]

Tao Ni, Xiaokuan Zhang, and Qingchuan Zhao. 2023. Recovering Fingerprints from In-Display Fingerprint Sensors via Electromagnetic Side Channel. In Pro- ceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, Copenhagen, Denmark, November 26-30, 2023 , Weizhi Meng, Christian Damsgaard Jensen, Cas Cremers, and Engin Kir...

work page 2023
[12]

Tao Ni, Xiaokuan Zhang, Chaoshun Zuo, Jianfeng Li, Zhenyu Yan, Wubing Wang, Weitao Xu, Xiapu Luo, and Qingchuan Zhao. 2023. Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels. In 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023 . IEEE, 3399–3415

work page 2023
[13]

Samsung. 2021. Specifications | Samsung Galaxy S10. https://www.samsung. com/latin_en/smartphones/galaxy-s10/specs/

work page 2021
[14]

Ray Smith. 2007. An Overview of the Tesseract OCR Engine. In ICDAR ’07: Proceedings of the Ninth International Conference on Document Analysis and Recognition. IEEE Computer Society, Washington, DC, USA, 629–633. https: //storage.googleapis.com/pub-tools-public-publication-data/pdf/33418.pdf

work page 2007
[15]

Raphael Spreitzer. 2014. Pin skimming: Exploiting the ambient-light sensor in mobile devices. In Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices . 51–62

work page 2014
[16]

Mariam Taktak, Slim Triki, and Anas Kamoun. 2017. 3D Handwriting Charac- ters Recognition with Symbolic-Based Similarity Measure of Gyroscope Signals Embedded in Smart Phone. In 14th IEEE/ACS International Conference on Com- puter Systems and Applications, AICCSA 2017, Hammamet, Tunisia, October 30 - Nov. 3, 2017. IEEE Computer Society, 319–326

work page 2017
[17]

Kai Wang, Richard Mitev, Chen Yan, Xiaoyu Ji, Ahmad-Reza Sadeghi, and Wenyuan Xu. 2022. GhostTouch: Targeted Attacks on Touchscreens with- out Physical Touch. In 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022 , Kevin R. B. Butler and Kurt Thomas (Eds.). USENIX Association, 1543–1559

work page 2022
[18]

Kai Wang, Richard Mitev, Chen Yan, Xiaoyu Ji, Ahmad-Reza Sadeghi, and Wenyuan Xu. 2022. {GhostTouch}: Targeted attacks on touchscreens without physical touch. In 31st USENIX Security Symposium (USENIX Security 22) . 1543– 1559

work page 2022
[19]

Teng Wei and Xinyu Zhang. 2015. mTrack: High-Precision Passive Tracking Us- ing Millimeter Wave Radios. In Proceedings of the 21st Annual International Con- ference on Mobile Computing and Networking, MobiCom 2015, Paris, France, Sep- tember 7-11, 2015, Serge Fdida, Giovanni Pau, Sneha Kumar Kasera, and Heather Zheng (Eds.). ACM, 117–129

work page 2015
[20]

Xiaomi. 2025. Mi 10 Pro FAQ. https://www.mi.com/global/support/faq/details/ KA-07244/

work page 2025
[21]

Tuo Yu, Haiming Jin, and Klara Nahrstedt. 2016. WritingHacker: audio based eavesdropping of handwriting via mobile devices. In Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing, Ubi- Comp 2016, Heidelberg, Germany, September 12-16, 2016, Paul Lukowicz, Antonio Krüger, Andreas Bulling, Youn-Kyung Lim, and Shwe...

work page 2016
[22]

Tuo Yu, Haiming Jin, and Klara Nahrstedt. 2020. Mobile Devices based Eaves- dropping of Handwriting. IEEE Trans. Mob. Comput. 19, 7 (2020), 1649–1663

work page 2020
[23]

Spinning Language Models: Risks of Propaganda-As-A-Service and Countermeasures , url=

Zihao Zhan, Zhenkai Zhang, Sisheng Liang, Fan Yao, and Xenofon D. Kout- soukos. 2022. Graphics Peeping Unit: Exploiting EM Side-Channel Information of GPUs to Eavesdrop on Your Neighbors. In 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022 . IEEE, 1440–1457. doi:10.1109/SP46214.2022.9833773

work page doi:10.1109/sp46214.2022.9833773 2022
[24]

Maotian Zhang, Panlong Yang, Chang Tian, Lei Shi, Shaojie Tang, and Fu Xiao

work page
[25]

SoundWrite: Text Input on Surfaces through Mobile Acoustic Sensing. In Proceedings of the 1st International Workshop on Experiences with the Design and Implementation of Smart Objects, SmartObjects@MobiCom 2015, Paris, France, September 7, 2015 , Pietro Manzoni, Claudio E. Palazzi, and Armir Bujari (Eds.). ACM, 13–17

work page 2015
[26]

Shichen Zhang, Qijun Wang, Maolin Gan, Zhichao Cao, and Huacheng Zeng

work page
[27]

In 32nd Annual Network and Distributed System Security Symposium, NDSS 2025, San Diego, California, USA, February 24-28, 2025

RadSee: See Your Handwriting Through Walls Using FMCW Radar. In 32nd Annual Network and Distributed System Security Symposium, NDSS 2025, San Diego, California, USA, February 24-28, 2025 . The Internet Society

work page 2025

[1] [1]

Apple. 2023. IOS Device Compatibility Reference. https://developer. apple.com/library/archive/documentation/DeviceInformation/Reference/ iOSDeviceCompatibility/Displays/Displays.html#//apple_ref/doc/uid/ TP40013599-CH108-SW5&xcust=1-1-230654-1-0-0-0-0&sref=https: //www.macworld.com/article/230654/iphone-x-samples-touch-input-at- 120hz-for-faster-smoother-...

work page 2023

[2] [2]

Aviv, Benjamin Sapp, Matt Blaze, and Jonathan M

Adam J. Aviv, Benjamin Sapp, Matt Blaze, and Jonathan M. Smith. 2012. Practi- cality of accelerometer side channels on smartphones. In 28th Annual Computer Security Applications Conference, ACSAC 2012, Orlando, FL, USA, 3-7 December 2012, Robert H’obbes’ Zakon (Ed.). ACM, 41–50

work page 2012

[3] [3]

Liang Cai and Hao Chen. 2011. TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion. In 6th USENIX Workshop on Hot Topics in Secu- rity, HotSec’11, San Francisco, CA, USA, August 9, 2011, Patrick D. McDaniel (Ed.). USENIX Association

work page 2011

[4] [4]

Patrick Cronin, Xing Gao, Chengmo Yang, and Haining Wang. 2021. Charger- Surfing: Exploiting a Power Line Side-Channel for Smartphone Information Leakage. In 30th USENIX Security Symposium, USENIX Security 2021, August 11- 13, 2021 , Michael D. Bailey and Rachel Greenstadt (Eds.). USENIX Association, 681–698

work page 2021

[5] [5]

Berkay Celik

Habiba Farrukh, Tinghan Yang, Hanwen Xu, Yuxuan Yin, He Wang, and Z. Berkay Celik. 2021. S3: Side-Channel Attack on Stylus Pencil through Sensors. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 5, 1 (2021), 8:1–8:25

work page 2021

[6] [6]

Huawei. 2022. HUA WEI Mate 30 Pro Specifications. https://consumer.huawei. com/au/phones/mate30-pro/specs/

work page 2022

[7] [7]

Paul Jaccard. 1912. The distribution of the flora in the alpine zone. 1. New phy- tologist 11, 2 (1912), 37–50

work page 1912

[8] [8]

Wenqiang Jin, Srinivasan Murali, Huadi Zhu, and Ming Li. 2021. Periscope: A keystroke inference attack using human coupled electromagnetic emanations. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communi- cations Security. 700–714

work page 2021

[9] [9]

Oh-Kyong Kwon, Jae-Sung An, and Seong-Kwan Hong. 2018. Capacitive touch systems with styli for touch sensors: A review. IEEE Sensors journal 18, 12 (2018), 4832–4846

work page 2018

[10] [10]

Zhuoran Liu, Niels Samwel, Leo Weissbart, Zhengyu Zhao, Dirk Lauret, Lejla Batina, and Martha A. Larson. 2021. Screen Gleaning: A Screen Reading TEM- PEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel. In 28th Annual Network and Distributed System Security Symposium, NDSS 2021, virtually, February 21-25, 2021 . The Internet Society

work page 2021

[11] [11]

Tao Ni, Xiaokuan Zhang, and Qingchuan Zhao. 2023. Recovering Fingerprints from In-Display Fingerprint Sensors via Electromagnetic Side Channel. In Pro- ceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, Copenhagen, Denmark, November 26-30, 2023 , Weizhi Meng, Christian Damsgaard Jensen, Cas Cremers, and Engin Kir...

work page 2023

[12] [12]

Tao Ni, Xiaokuan Zhang, Chaoshun Zuo, Jianfeng Li, Zhenyu Yan, Wubing Wang, Weitao Xu, Xiapu Luo, and Qingchuan Zhao. 2023. Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels. In 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023 . IEEE, 3399–3415

work page 2023

[13] [13]

Samsung. 2021. Specifications | Samsung Galaxy S10. https://www.samsung. com/latin_en/smartphones/galaxy-s10/specs/

work page 2021

[14] [14]

Ray Smith. 2007. An Overview of the Tesseract OCR Engine. In ICDAR ’07: Proceedings of the Ninth International Conference on Document Analysis and Recognition. IEEE Computer Society, Washington, DC, USA, 629–633. https: //storage.googleapis.com/pub-tools-public-publication-data/pdf/33418.pdf

work page 2007

[15] [15]

Raphael Spreitzer. 2014. Pin skimming: Exploiting the ambient-light sensor in mobile devices. In Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices . 51–62

work page 2014

[16] [16]

Mariam Taktak, Slim Triki, and Anas Kamoun. 2017. 3D Handwriting Charac- ters Recognition with Symbolic-Based Similarity Measure of Gyroscope Signals Embedded in Smart Phone. In 14th IEEE/ACS International Conference on Com- puter Systems and Applications, AICCSA 2017, Hammamet, Tunisia, October 30 - Nov. 3, 2017. IEEE Computer Society, 319–326

work page 2017

[17] [17]

Kai Wang, Richard Mitev, Chen Yan, Xiaoyu Ji, Ahmad-Reza Sadeghi, and Wenyuan Xu. 2022. GhostTouch: Targeted Attacks on Touchscreens with- out Physical Touch. In 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022 , Kevin R. B. Butler and Kurt Thomas (Eds.). USENIX Association, 1543–1559

work page 2022

[18] [18]

Kai Wang, Richard Mitev, Chen Yan, Xiaoyu Ji, Ahmad-Reza Sadeghi, and Wenyuan Xu. 2022. {GhostTouch}: Targeted attacks on touchscreens without physical touch. In 31st USENIX Security Symposium (USENIX Security 22) . 1543– 1559

work page 2022

[19] [19]

Teng Wei and Xinyu Zhang. 2015. mTrack: High-Precision Passive Tracking Us- ing Millimeter Wave Radios. In Proceedings of the 21st Annual International Con- ference on Mobile Computing and Networking, MobiCom 2015, Paris, France, Sep- tember 7-11, 2015, Serge Fdida, Giovanni Pau, Sneha Kumar Kasera, and Heather Zheng (Eds.). ACM, 117–129

work page 2015

[20] [20]

Xiaomi. 2025. Mi 10 Pro FAQ. https://www.mi.com/global/support/faq/details/ KA-07244/

work page 2025

[21] [21]

Tuo Yu, Haiming Jin, and Klara Nahrstedt. 2016. WritingHacker: audio based eavesdropping of handwriting via mobile devices. In Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing, Ubi- Comp 2016, Heidelberg, Germany, September 12-16, 2016, Paul Lukowicz, Antonio Krüger, Andreas Bulling, Youn-Kyung Lim, and Shwe...

work page 2016

[22] [22]

Tuo Yu, Haiming Jin, and Klara Nahrstedt. 2020. Mobile Devices based Eaves- dropping of Handwriting. IEEE Trans. Mob. Comput. 19, 7 (2020), 1649–1663

work page 2020

[23] [23]

Spinning Language Models: Risks of Propaganda-As-A-Service and Countermeasures , url=

Zihao Zhan, Zhenkai Zhang, Sisheng Liang, Fan Yao, and Xenofon D. Kout- soukos. 2022. Graphics Peeping Unit: Exploiting EM Side-Channel Information of GPUs to Eavesdrop on Your Neighbors. In 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022 . IEEE, 1440–1457. doi:10.1109/SP46214.2022.9833773

work page doi:10.1109/sp46214.2022.9833773 2022

[24] [24]

Maotian Zhang, Panlong Yang, Chang Tian, Lei Shi, Shaojie Tang, and Fu Xiao

work page

[25] [25]

SoundWrite: Text Input on Surfaces through Mobile Acoustic Sensing. In Proceedings of the 1st International Workshop on Experiences with the Design and Implementation of Smart Objects, SmartObjects@MobiCom 2015, Paris, France, September 7, 2015 , Pietro Manzoni, Claudio E. Palazzi, and Armir Bujari (Eds.). ACM, 13–17

work page 2015

[26] [26]

Shichen Zhang, Qijun Wang, Maolin Gan, Zhichao Cao, and Huacheng Zeng

work page

[27] [27]

In 32nd Annual Network and Distributed System Security Symposium, NDSS 2025, San Diego, California, USA, February 24-28, 2025

RadSee: See Your Handwriting Through Walls Using FMCW Radar. In 32nd Annual Network and Distributed System Security Symposium, NDSS 2025, San Diego, California, USA, February 24-28, 2025 . The Internet Society

work page 2025