ABSTRACT
Mobile devices have emerged as the most popular platforms to access information. However, they have also become a major concern of privacy violation and previous researches have demonstrated various approaches to infer user privacy based on mobile devices. In this paper, we study a new side channel of a laptop that could be harvested by a commercial-off-the-shelf (COTS) mobile device, eg, a smartphone. We propose MagAttack, which exploits the electromagnetic (EM) side channel of a laptop to infer user activities, i.e., application launching and application operation. The key insight of MagAttack is that applications are discrepant in essence due to the different compositions of instructions, which can be reflected on the CPU power consumption, and thus the corresponding EM emissions. MagAttack is challenging since that EM signals are noisy due to the dynamics of applications and the limited sampling rate of the built-in magnetometers in COTS mobile devices. We overcome these challenges and convert noisy coarse-grained EM signals to robust fine-grained features. We implement MagAttack on both an iOS and an Android smartphone without any hardware modification, and evaluate its performance with 13 popular applications and 50 top websites in China. The results demonstrate that MagAttack can recognize aforementioned 13 applications with an average accuracy of 98.6%, and figure out the visiting operation among 50 websites with an average accuracy of 84.7%.
- Ali N Akansu and Richard A Haddad. 2001. Multiresolution signal decomposition: transforms, subbands, and wavelets. Academic Press. Google ScholarDigital Library
- Alexa. 2017. Top Sites in China. http://www.alexa.com/topsites/countries/CN. (2017).Google Scholar
- Adam J Aviv, Benjamin Sapp, Matt Blaze, and Jonathan M Smith. 2012. Practicality of accelerometer side channels on smartphones. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC'12). ACM, 41--50. Google ScholarDigital Library
- Sebastian Biedermann, Stefan Katzenbeisser, and Jakub Szefer. 2015. Hard drive side-channel attacks using smartphone magnetic field sensors. In Proceedings of the 19th International Conference on Financial Cryptography and Data Security (FC'15). Springer, 489--496.Google ScholarCross Ref
- Liang Cai and Hao Chen. 2011. Touch Logger: Inferring Keystrokes on Touch Screen from Smartphone Motion. In Proceedings of the 6th USENIX conference on Hot Topics in Security (HotSec'11), Vol. 11. 9--9. Google ScholarDigital Library
- Chih-Chung Chang and Chih-Jen Lin. 2011. LIBSVM: a library for support vector machines. ACM Transactions on Intelligent Systems and Technology 2, 3 (2011), 27. Google ScholarDigital Library
- Ke-Yu Chen, Sidhant Gupta, Eric C Larson, and Shwetak Patel. 2015. DOSE: Detecting user-driven operating states of electronic devices from a single sensing point. In Proceedings of the 2015 IEEE International Conference on Pervasive Computing and Communications (PerCom'15). IEEE, 46--54.Google ScholarCross Ref
- Shane S Clark, Hossen Mustafa, Benjamin Ransford, Jacob Sorber, Kevin Fu, and Wenyuan Xu. 2013. Current events: Identifying webpages by tapping the electrical outlet. In Proceedings of the 18th European Symposium on Research in Computer Security (ESORICS'13). Springer, 700--717.Google ScholarCross Ref
- Ronald R Coifman and M Victor Wickerhauser. 1992. Entropy-based algorithms for best basis selection. IEEE Transactions on information theory 38, 2 (1992), 713--718. Google ScholarDigital Library
- dtrace.org. 2017. About Dtrace. http://dtrace.org/blogs/about. (2017).Google Scholar
- Gartner. 2018. Gartner Says Worldwide Device Shipments Will Increase 2.1 Percent in 2018. https://www.gartner.com/newsroom/id/3849063. (2018).Google Scholar
- Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer. 2015. Stealing keys from PCs using a radio: Cheap electromagnetic attacks on windowed exponentiation. In Proceedings of the 17th International Workshop on Cryptographic Hardware and Embedded Systems (CHES'15). Springer, 207--228.Google ScholarCross Ref
- Daniel Genkin, Itamar Pipman, and Eran Tromer. 2015. Get your hands off my laptop: Physical side-channel key-extraction attacks on PCs. Journal of Cryptographic Engineering 5, 2 (2015), 95--112.Google ScholarCross Ref
- Github. 2016. DTrace-win32. https://github.com/prash-wghats/DTrace-win32. (2016).Google Scholar
- Gregose. 2016. Syscall-table. http://syscalls.kernelgrok.com/. (2016).Google Scholar
- Sidhant Gupta, Matthew S Reynolds, and Shwetak N Patel. 2010. ElectriSense: single-point sensing using EMI for electrical event detection and classification in the home. In Proceedings of the 12th ACM international conference on Ubiquitous computing (Ubicomp'10). ACM, 139--148. Google ScholarDigital Library
- Suman Jana and Vitaly Shmatikov. 2012. Memento: Learning secrets from process footprints. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (S&P'12). IEEE, 143--157. Google ScholarDigital Library
- Paul Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential power analysis. In Proceedings of the 19th Annual International Cryptology Conference (CRYPTO'99). Springer, 388--397. Google ScholarDigital Library
- Liming Lu, Ee-Chien Chang, and Mun Choon Chan. 2010. Website fingerprinting and identification using ordered feature sequences. In Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS'10). Springer, 199--214. Google ScholarDigital Library
- S Lawrence Marple. 1987. Digital spectral analysis: with applications. Vol. 5. Prentice-Hall Englewood Cliffs, NJ. Google ScholarDigital Library
- François Petitjean, Germain Forestier, Geoffrey IWebb, Ann E Nicholson, Yanping Chen, and Eamonn Keogh. 2014. Dynamic time warping averaging of time series allows faster and more accurate classification. In Proceedings of the 2014 IEEE International Conference on Data Mining (ICDM'14). IEEE, 470--479. Google ScholarDigital Library
- Roman Schlegel, Kehuan Zhang, Xiao-yong Zhou, Mehool Intwala, Apu Kapadia, and XiaoFeng Wang. 2011. Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11), Vol. 11. 17--33.Google Scholar
- Amelia Shen, Abhijit Ghosh, Srinivas Devadas, and Kurt Keutzer. 1992. On average power dissipation and random pattern testability of CMOS combinational logic networks. In Proceedings of the 1992 IEEE/ACM international conference on Computer-aided design (ICCAD'92). IEEE, 402--407. Google ScholarDigital Library
- Amit Singh. 2006. Mac OS X internals: a systems approach. Addison-Wesley Professional. Google ScholarDigital Library
- Cati Vaucelle, Hiroshi Ishii, and Joseph A Paradiso. 2009. Cost-effective wearable sensor to detect EMF. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI'09). ACM, 4309--4314. Google ScholarDigital Library
- Edward J Wang, Tien-Jui Lee, Alex Mariakakis, Mayank Goel, Sidhant Gupta, and Shwetak N Patel. 2015. Magnifisense: Inferring device interaction using wrist-worn passive magneto-inductive sensors. In Proceedings of the 17th ACM international conference on Ubiquitous computing (Ubicomp'15). ACM, 15--26. Google ScholarDigital Library
- Wikipedia. 2017. CMOS. https://en.wikipedia.org/wiki/CMOS. (2017).Google Scholar
- Wikipedia. 2017. k-nearest neighbors algorithm. https://en.wikipedia.org/wiki/ K-nearest_neighbors_algorithm. (2017).Google Scholar
- SvanteWold, Kim Esbensen, and Paul Geladi. 1987. Principal component analysis. Chemometrics and intelligent laboratory systems 2, 1--3 (1987), 37--52.Google Scholar
- Nan Xu, Fan Zhang, Yisha Luo,Weijia Jia, Dong Xuan, and Jin Teng. 2009. Stealthy video capturer: a new video-based spyware in 3g smartphones. In Proceedings of the 2rd ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'09). ACM, 69--78. Google ScholarDigital Library
- Mi Zhang and Alexander A Sawchuk. 2012. A preliminary study of sensing appliance usage for human activity recognition using mobile magnetometer. In Proceedings of the 14th ACM international conference on Ubiquitous computing (Ubicomp'12). ACM, 745--748. Google ScholarDigital Library
- Tong Zhu, Qiang Ma, Shanfeng Zhang, and Yunhao Liu. 2014. Context-free attacks using keyboard acoustic emanations. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS'14). ACM, 453--464. Google ScholarDigital Library
- Li Zhuang, Feng Zhou, and J Doug Tygar. 2009. Keyboard acoustic emanations revisited. ACM Transactions on Information and System Security 13, 1 (2009), 3. Google ScholarDigital Library
Recommendations
MagAttack: remote app sensing with your phone
UbiComp '16: Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing: AdjunctBy tracking changes in electromagnetic radiation footprint emitted from computers using a magnetometer on commodity mobile devices, a malicious attacker can easily learn the secrets of the computer's owner without physically peeping at or hacking into ...
The Long-Standing Privacy Debate: Mobile Websites vs Mobile Apps
WWW '17: Proceedings of the 26th International Conference on World Wide WebThe vast majority of online services nowadays, provide both a mobile friendly website and a mobile application to their users. Both of these choices are usually released for free, with their developers, usually gaining revenue by allowing advertisements ...
A Study of User Privacy in Android Mobile AR Apps
ASE '22: Proceedings of the 37th IEEE/ACM International Conference on Automated Software EngineeringWith the development of augmented reality (AR) technology, the use of mobile AR applications (MAR apps) is rising rapidly in various aspects of people’s everyday lives, such as games, shopping, and education. When compared to traditional apps, AR apps ...
Comments