skip to main content
10.1145/3321705.3329817acmconferencesArticle/Chapter ViewAbstractPublication Pagesasia-ccsConference Proceedingsconference-collections
research-article

MagAttack: Guessing Application Launching and Operation via Smartphone

Published: 02 July 2019 Publication History

Abstract

Mobile devices have emerged as the most popular platforms to access information. However, they have also become a major concern of privacy violation and previous researches have demonstrated various approaches to infer user privacy based on mobile devices. In this paper, we study a new side channel of a laptop that could be harvested by a commercial-off-the-shelf (COTS) mobile device, eg, a smartphone. We propose MagAttack, which exploits the electromagnetic (EM) side channel of a laptop to infer user activities, i.e., application launching and application operation. The key insight of MagAttack is that applications are discrepant in essence due to the different compositions of instructions, which can be reflected on the CPU power consumption, and thus the corresponding EM emissions. MagAttack is challenging since that EM signals are noisy due to the dynamics of applications and the limited sampling rate of the built-in magnetometers in COTS mobile devices. We overcome these challenges and convert noisy coarse-grained EM signals to robust fine-grained features. We implement MagAttack on both an iOS and an Android smartphone without any hardware modification, and evaluate its performance with 13 popular applications and 50 top websites in China. The results demonstrate that MagAttack can recognize aforementioned 13 applications with an average accuracy of 98.6%, and figure out the visiting operation among 50 websites with an average accuracy of 84.7%.

References

[1]
Ali N Akansu and Richard A Haddad. 2001. Multiresolution signal decomposition: transforms, subbands, and wavelets. Academic Press.
[2]
Alexa. 2017. Top Sites in China. http://www.alexa.com/topsites/countries/CN. (2017).
[3]
Adam J Aviv, Benjamin Sapp, Matt Blaze, and Jonathan M Smith. 2012. Practicality of accelerometer side channels on smartphones. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC'12). ACM, 41--50.
[4]
Sebastian Biedermann, Stefan Katzenbeisser, and Jakub Szefer. 2015. Hard drive side-channel attacks using smartphone magnetic field sensors. In Proceedings of the 19th International Conference on Financial Cryptography and Data Security (FC'15). Springer, 489--496.
[5]
Liang Cai and Hao Chen. 2011. Touch Logger: Inferring Keystrokes on Touch Screen from Smartphone Motion. In Proceedings of the 6th USENIX conference on Hot Topics in Security (HotSec'11), Vol. 11. 9--9.
[6]
Chih-Chung Chang and Chih-Jen Lin. 2011. LIBSVM: a library for support vector machines. ACM Transactions on Intelligent Systems and Technology 2, 3 (2011), 27.
[7]
Ke-Yu Chen, Sidhant Gupta, Eric C Larson, and Shwetak Patel. 2015. DOSE: Detecting user-driven operating states of electronic devices from a single sensing point. In Proceedings of the 2015 IEEE International Conference on Pervasive Computing and Communications (PerCom'15). IEEE, 46--54.
[8]
Shane S Clark, Hossen Mustafa, Benjamin Ransford, Jacob Sorber, Kevin Fu, and Wenyuan Xu. 2013. Current events: Identifying webpages by tapping the electrical outlet. In Proceedings of the 18th European Symposium on Research in Computer Security (ESORICS'13). Springer, 700--717.
[9]
Ronald R Coifman and M Victor Wickerhauser. 1992. Entropy-based algorithms for best basis selection. IEEE Transactions on information theory 38, 2 (1992), 713--718.
[10]
dtrace.org. 2017. About Dtrace. http://dtrace.org/blogs/about. (2017).
[11]
Gartner. 2018. Gartner Says Worldwide Device Shipments Will Increase 2.1 Percent in 2018. https://www.gartner.com/newsroom/id/3849063. (2018).
[12]
Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer. 2015. Stealing keys from PCs using a radio: Cheap electromagnetic attacks on windowed exponentiation. In Proceedings of the 17th International Workshop on Cryptographic Hardware and Embedded Systems (CHES'15). Springer, 207--228.
[13]
Daniel Genkin, Itamar Pipman, and Eran Tromer. 2015. Get your hands off my laptop: Physical side-channel key-extraction attacks on PCs. Journal of Cryptographic Engineering 5, 2 (2015), 95--112.
[14]
Github. 2016. DTrace-win32. https://github.com/prash-wghats/DTrace-win32. (2016).
[15]
Gregose. 2016. Syscall-table. http://syscalls.kernelgrok.com/. (2016).
[16]
Sidhant Gupta, Matthew S Reynolds, and Shwetak N Patel. 2010. ElectriSense: single-point sensing using EMI for electrical event detection and classification in the home. In Proceedings of the 12th ACM international conference on Ubiquitous computing (Ubicomp'10). ACM, 139--148.
[17]
Suman Jana and Vitaly Shmatikov. 2012. Memento: Learning secrets from process footprints. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (S&P'12). IEEE, 143--157.
[18]
Paul Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential power analysis. In Proceedings of the 19th Annual International Cryptology Conference (CRYPTO'99). Springer, 388--397.
[19]
Liming Lu, Ee-Chien Chang, and Mun Choon Chan. 2010. Website fingerprinting and identification using ordered feature sequences. In Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS'10). Springer, 199--214.
[20]
S Lawrence Marple. 1987. Digital spectral analysis: with applications. Vol. 5. Prentice-Hall Englewood Cliffs, NJ.
[21]
François Petitjean, Germain Forestier, Geoffrey IWebb, Ann E Nicholson, Yanping Chen, and Eamonn Keogh. 2014. Dynamic time warping averaging of time series allows faster and more accurate classification. In Proceedings of the 2014 IEEE International Conference on Data Mining (ICDM'14). IEEE, 470--479.
[22]
Roman Schlegel, Kehuan Zhang, Xiao-yong Zhou, Mehool Intwala, Apu Kapadia, and XiaoFeng Wang. 2011. Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11), Vol. 11. 17--33.
[23]
Amelia Shen, Abhijit Ghosh, Srinivas Devadas, and Kurt Keutzer. 1992. On average power dissipation and random pattern testability of CMOS combinational logic networks. In Proceedings of the 1992 IEEE/ACM international conference on Computer-aided design (ICCAD'92). IEEE, 402--407.
[24]
Amit Singh. 2006. Mac OS X internals: a systems approach. Addison-Wesley Professional.
[25]
Cati Vaucelle, Hiroshi Ishii, and Joseph A Paradiso. 2009. Cost-effective wearable sensor to detect EMF. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI'09). ACM, 4309--4314.
[26]
Edward J Wang, Tien-Jui Lee, Alex Mariakakis, Mayank Goel, Sidhant Gupta, and Shwetak N Patel. 2015. Magnifisense: Inferring device interaction using wrist-worn passive magneto-inductive sensors. In Proceedings of the 17th ACM international conference on Ubiquitous computing (Ubicomp'15). ACM, 15--26.
[27]
Wikipedia. 2017. CMOS. https://en.wikipedia.org/wiki/CMOS. (2017).
[28]
Wikipedia. 2017. k-nearest neighbors algorithm. https://en.wikipedia.org/wiki/ K-nearest_neighbors_algorithm. (2017).
[29]
SvanteWold, Kim Esbensen, and Paul Geladi. 1987. Principal component analysis. Chemometrics and intelligent laboratory systems 2, 1--3 (1987), 37--52.
[30]
Nan Xu, Fan Zhang, Yisha Luo,Weijia Jia, Dong Xuan, and Jin Teng. 2009. Stealthy video capturer: a new video-based spyware in 3g smartphones. In Proceedings of the 2rd ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'09). ACM, 69--78.
[31]
Mi Zhang and Alexander A Sawchuk. 2012. A preliminary study of sensing appliance usage for human activity recognition using mobile magnetometer. In Proceedings of the 14th ACM international conference on Ubiquitous computing (Ubicomp'12). ACM, 745--748.
[32]
Tong Zhu, Qiang Ma, Shanfeng Zhang, and Yunhao Liu. 2014. Context-free attacks using keyboard acoustic emanations. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS'14). ACM, 453--464.
[33]
Li Zhuang, Feng Zhou, and J Doug Tygar. 2009. Keyboard acoustic emanations revisited. ACM Transactions on Information and System Security 13, 1 (2009), 3.

Cited By

View all
  • (2025)MagSpy: Revealing User Privacy Leakage via Magnetometer on Mobile DevicesIEEE Transactions on Mobile Computing10.1109/TMC.2024.349550624:3(2455-2469)Online publication date: Mar-2025
  • (2024)An Eavesdropping System Based on Magnetic Side-Channel Signals Leaked by SpeakersACM Transactions on Sensor Networks10.1145/363706320:2(1-30)Online publication date: 10-Jan-2024
  • (2024)MagView++: Data Exfiltration via CPU Magnetic Signals Under Video DecodingIEEE Transactions on Mobile Computing10.1109/TMC.2023.326240023:3(2486-2503)Online publication date: Mar-2024
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
July 2019
708 pages
ISBN:9781450367523
DOI:10.1145/3321705
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 July 2019

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. commodity mobile device
  2. electromagnetic emission
  3. side channel attack
  4. user privacy

Qualifiers

  • Research-article

Funding Sources

Conference

Asia CCS '19
Sponsor:

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)52
  • Downloads (Last 6 weeks)6
Reflects downloads up to 17 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2025)MagSpy: Revealing User Privacy Leakage via Magnetometer on Mobile DevicesIEEE Transactions on Mobile Computing10.1109/TMC.2024.349550624:3(2455-2469)Online publication date: Mar-2025
  • (2024)An Eavesdropping System Based on Magnetic Side-Channel Signals Leaked by SpeakersACM Transactions on Sensor Networks10.1145/363706320:2(1-30)Online publication date: 10-Jan-2024
  • (2024)MagView++: Data Exfiltration via CPU Magnetic Signals Under Video DecodingIEEE Transactions on Mobile Computing10.1109/TMC.2023.326240023:3(2486-2503)Online publication date: Mar-2024
  • (2024)CapSpeaker: Injecting Commands to Voice Assistants Via CapacitorsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.332618421:4(3295-3308)Online publication date: Jul-2024
  • (2024)Trustworthy IAP: An Intelligent Applications Profiler to Investigate Vulnerabilities of Consumer Electronic DevicesIEEE Transactions on Consumer Electronics10.1109/TCE.2023.334765170:1(4605-4616)Online publication date: Feb-2024
  • (2024)A Taxonomy-Based Survey of EM-SCA and Implications for Multi-Robot SystemsIEEE Open Journal of the Computer Society10.1109/OJCS.2024.34618085(511-529)Online publication date: 2024
  • (2023)ProxiFitProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36109207:3(1-32)Online publication date: 27-Sep-2023
  • (2023)Demonstrating ProxiFit: Proximal Magnetic Sensing using a Single Commodity Mobile toward Holistic Weight Exercise MonitoringAdjunct Proceedings of the 2023 ACM International Joint Conference on Pervasive and Ubiquitous Computing & the 2023 ACM International Symposium on Wearable Computing10.1145/3594739.3610710(151-156)Online publication date: 8-Oct-2023
  • (2023)Recovering Fingerprints from In-Display Fingerprint Sensors via Electromagnetic Side ChannelProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623153(253-267)Online publication date: 15-Nov-2023
  • (2023)MagneComm+: Near-Field Electromagnetic Induction Communication With MagnetometerIEEE Transactions on Mobile Computing10.1109/TMC.2021.313348122:5(2789-2801)Online publication date: 1-May-2023
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media