How to phone home with someone else’s phone: Information exfiltration using intentional sound noise on gyroscopic sensors

Benyamin Farshteindiker; Nir Hasidim; Asaf Grosz; Yossi Oren

How to phone home with someone else’s phone: Information exfiltration using intentional sound noise on gyroscopic sensors

Benyamin Farshteindiker, Nir Hasidim, Asaf Grosz, Yossi Oren

Research output: Contribution to conference › Paper › peer-review

Abstract

We show how a low-power device, such as a surveillance bug, can take advantage of a nearby mobile phone to exfiltrate arbitrary secrets across the Internet at a data rate of hundreds to thousands of bits per second, all without the phone owner’s awareness or permission. All the attack requires is for the phone to browse to an attacker-controlled website. This feat is carried out by exploiting a particular characteristic of the phone’s gyroscope which was discovered by Son et al. in [11]. We discuss the theoretical principles behind our attack, evaluate it on several different mobile devices, and discuss potential countermeasures and mitigations. Finally, we suggest how this attack vector can be used benevolently for the purpose of safer and easier two-factor authentication.

Original language	American English
State	Published - 1 Jan 2016
Event	10th USENIX Workshop on Offensive Technologies, WOOT 2016 - Austin, United States Duration: 8 Aug 2016 → 9 Aug 2016

Conference

Conference	10th USENIX Workshop on Offensive Technologies, WOOT 2016
Country/Territory	United States
City	Austin
Period	8/08/16 → 9/08/16

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Hardware and Architecture
Information Systems
Software

Cite this

@conference{e9ab906d748e4de2b3fae4711511e382,

title = "How to phone home with someone else{\textquoteright}s phone: Information exfiltration using intentional sound noise on gyroscopic sensors",

abstract = "We show how a low-power device, such as a surveillance bug, can take advantage of a nearby mobile phone to exfiltrate arbitrary secrets across the Internet at a data rate of hundreds to thousands of bits per second, all without the phone owner{\textquoteright}s awareness or permission. All the attack requires is for the phone to browse to an attacker-controlled website. This feat is carried out by exploiting a particular characteristic of the phone{\textquoteright}s gyroscope which was discovered by Son et al. in [11]. We discuss the theoretical principles behind our attack, evaluate it on several different mobile devices, and discuss potential countermeasures and mitigations. Finally, we suggest how this attack vector can be used benevolently for the purpose of safer and easier two-factor authentication.",

author = "Benyamin Farshteindiker and Nir Hasidim and Asaf Grosz and Yossi Oren",

note = "Publisher Copyright: {\textcopyright} 2016 USENIX Association. All rights reserved.; 10th USENIX Workshop on Offensive Technologies, WOOT 2016 ; Conference date: 08-08-2016 Through 09-08-2016",

year = "2016",

month = jan,

day = "1",

language = "American English",

}

TY - CONF

T1 - How to phone home with someone else’s phone

T2 - 10th USENIX Workshop on Offensive Technologies, WOOT 2016

AU - Farshteindiker, Benyamin

AU - Hasidim, Nir

AU - Grosz, Asaf

AU - Oren, Yossi

PY - 2016/1/1

Y1 - 2016/1/1

N2 - We show how a low-power device, such as a surveillance bug, can take advantage of a nearby mobile phone to exfiltrate arbitrary secrets across the Internet at a data rate of hundreds to thousands of bits per second, all without the phone owner’s awareness or permission. All the attack requires is for the phone to browse to an attacker-controlled website. This feat is carried out by exploiting a particular characteristic of the phone’s gyroscope which was discovered by Son et al. in [11]. We discuss the theoretical principles behind our attack, evaluate it on several different mobile devices, and discuss potential countermeasures and mitigations. Finally, we suggest how this attack vector can be used benevolently for the purpose of safer and easier two-factor authentication.

AB - We show how a low-power device, such as a surveillance bug, can take advantage of a nearby mobile phone to exfiltrate arbitrary secrets across the Internet at a data rate of hundreds to thousands of bits per second, all without the phone owner’s awareness or permission. All the attack requires is for the phone to browse to an attacker-controlled website. This feat is carried out by exploiting a particular characteristic of the phone’s gyroscope which was discovered by Son et al. in [11]. We discuss the theoretical principles behind our attack, evaluate it on several different mobile devices, and discuss potential countermeasures and mitigations. Finally, we suggest how this attack vector can be used benevolently for the purpose of safer and easier two-factor authentication.

UR - http://www.scopus.com/inward/record.url?scp=85084164801&partnerID=8YFLogxK

M3 - Paper

Y2 - 8 August 2016 through 9 August 2016

ER -

How to phone home with someone else’s phone: Information exfiltration using intentional sound noise on gyroscopic sensors

Abstract

Conference

All Science Journal Classification (ASJC) codes

Other files and links

Cite this