We show that accelerometer readings are a powerful side channel that can be used to extract entire sequences of entered text on a smartphone touchscreen keyboard. This possibility is a concern for two main reasons. First, unauthorized access to one’s keystrokes is a serious invasion of privacy as consumers increasingly use smartphones for sensitive transactions. Second, unlike many other sensors found on smartphones, the accelerometer does not require special privileges to access on current smartphone OSes. We show that accelerometer measurements can be used to extract 6-character passwords in as few as 4.5 trials (median). Keywords Mobile Phone, Sensor Malware, Side-Channel Attack, Keystroke Inference, Accelerometer