Good Vibes! Towards Phone-to-User Authentication Through Wristwatch Vibrations
Jakob Dittrich, Rainhard Dieter Findling
TL;DR
GoodVibes addresses the lack of device-to-user authentication by letting a paired wristwatch vibrate in a user-selected pattern to confirm a phone's authenticity. The approach uses a secure Bluetooth channel for a wake-time ping, triggering the watch to emit the chosen vibration pattern, enabling users to verify that they are interacting with their own device and not a replica or compromised device. In a lab study with 30 participants, the system achieved high recognition accuracy and strong positive usability feedback, while revealing limitations related to threat scope and real-world variability. The work offers a practical defense against cross-device interactions and hardware phishing, with clear directions for real-world longitudinal evaluation and threat-model expansion.
Abstract
While mobile devices frequently require users to authenticate to prevent unauthorized access, mobile devices typically do not authenticate to their users. This leaves room for users to unwittingly interact with different mobile devices. We present GoodVibes authentication, a variant of mobile device-to-user authentication, where the user's phone authenticates to the user through their wristwatch vibrating in their pre-selected authentication vibration pattern. We implement GoodVibes authentication as an Android prototype, evaluate different authentication scenarios with 30 participants, and find users to be able to well recognize and distinguish their authentication vibration pattern from different patters, from unrelated vibrations, and from the pattern being absent.