Abstract

Mobile devices are equipped with increasingly smart batteries designed to provide responsiveness and extended lifetime. However, such smart batteries may present a threat to users’ privacy. We demonstrate that the phone’s power trace sampled from the battery at 1KHz holds enough information to recover a variety of sensitive information.

We show techniques to infer characters typed on a touchscreen; to accurately recover browsing history in an open-world setup; and to reliably detect incoming calls, and the photo shots including their lighting conditions. Combined with a novel exfiltration technique that establishes a covert channel from the battery to a remote server via a web browser, these attacks turn the malicious battery into a stealthy surveillance device.

We deconstruct the attack by analyzing its robustness to sampling rate and execution conditions. To find mitigations we identify the sources of the information leakage exploited by the attack. We discover that the GPU or DRAM power traces alone are sufficient to distinguish between different websites. However, the CPU and power-hungry peripherals such as a touchscreen are the primary sources of fine-grain information leakage. We consider and evaluate possible mitigation mechanisms, highlighting the challenges to defend against the attacks.

In summary, our work shows the feasibility of the malicious battery and motivates further research into system and application-level defenses to fully mitigate this emerging threat.
| Original language | English |
|---|---|
| Pages (from-to) | 141-158 |
| Number of pages | 18 |
| Journal | Proc. Priv. Enhancing Technol. |
| Volume | 2018 |
| Issue number | 4 |
| State | Published - 2018 |
| Title | Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices |