Video Demos

This website is prepared for the demonstration of CAKI Attack. The conference version of this work has been published in the proceedings of ESORICS'15.  

Wenrui Diao, Xiangyu Liu, Zhe Zhou, Kehuan Zhang and Zhou Li. Mind-Reading: Privacy Attacks Exploiting Cross-App KeyEvent Injections. The 20th European Symposium on Research in Computer Security (ESORICS)Vienna, Austria, September 2015.

Contact: System Security Lab, The Chinese University of Hong Kong


1. Demo for word completion attack mode. [Chinese & Sogou Mobile IME]
Attack Mode 1 – Word Completion: For each round, DicThief injects 2 or 3 letters and then injects the space key or number ``1'' to obtain the first word from the suggestion list of IME, which is then appended to the list of collected results. This attack works based on the dynamic order adjustment feature of IME.

In this demo, the injected keys are combinations of pinyin initials. For example, the injected keys "x'g" will trigger

 Then the first suggestion "习惯" is committed to DicThief.

CAKI Attack Demo 1

2. Demo for next-word prediction attack mode. [English & TouchPal]
Attack Mode 2 Next-Word Prediction: This time, DicThief injects a complete word (or several words) for each round, and selects the first word prompted by IME. Similarly, the space key or number ``1'' is used to obtain the first suggestion. This attack exploits IME's next-word prediction feature.

In this demo, DicThief carried out 3-level prediction attacks. For example, injected "want" triggers:

Then DicThief selected the first suggestion "to". It triggers:

Similarly, "want to" triggers:

Finally the result "want to go shopping" is committed to DicThief.

CAKI Attak Demo 2