Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices
@article{Lifshits2018PowerTP, title={Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices}, author={Pavel Lifshits and Roni Forte and Yedid Hoshen and Matthew Halpern and Manuel Philipose and Mohit Tiwari and Mark Silberstein}, journal={Proceedings on Privacy Enhancing Technologies}, year={2018}, volume={2018}, pages={141 - 158} }
Abstract: Mobile devices are equipped with increasingly smart batteries designed to provide responsiveness and extended lifetime.
Key Method: We show techniques to infer characters typed on a touchscreen; to accurately recover browsing history in an open-world setup; and to reliably detect incoming calls, and the photo shots including their lighting conditions. Combined with a novel exfiltration technique that establishes a covert channel from the battery to a remote server via a web browser, these attacks…
26 Citations
PLATYPUS: Software-based Power Side-Channel Attacks on x86
- Computer Science, Mathematics
- 2021 IEEE Symposium on Security and Privacy (SP)
- 2021
PLATYPUS attacks are presented, which are novel software-based power side-channel attacks on Intel server, desktop, and laptop CPUs, and it is demonstrated how an unprivileged attacker can leak AES-NI keys from Intel SGX and the Linux kernel, break kernel address-space layout randomization (KASLR), infer secret instruction streams, and establish a timing-independent covert channel.
Defensive Charging: Mitigating Power Side-Channel Attacks on Charging Smartphones
- Computer Science
- CODASPY
- 2020
This paper designs and rigorously evaluates two defense mechanisms, a hardware-based and software-based solution, to defend against three power side-channel attacks that can be launched by an adversary during the phone charging process.
Maya: Using Formal Control to Obfuscate Power Side Channels
- Computer Science
- IEEE Micro
- 2022
Maya is presented, a simple and effective defense against power side channels to use formal control to re-shape the power dissipated by a computer in an application-transparent manner—preventing attackers from learning any information about the applications that are running.
Red Alert for Power Leakage: Exploiting Intel RAPL-Induced Side Channels
- Computer Science
- AsiaCCS
- 2021
This paper has constructed a new RAPL-based covert channel using a single AVX instruction, which can exfiltrate data across different boundaries (e.g., those established by containers in software or even CPUs in hardware); and investigated the first RAPL-based website fingerprinting technique that can identify visited webpages with a high accuracy.
Maya: Using Formal Control to Obfuscate Power Side Channels
- Computer Science
- 2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA)
- 2021
Maya is presented, a simple and effective defense against power side channels to use formal control to re-shape the power dissipated by a computer in an application-transparent manner—preventing attackers from learning any information about the applications that are running.
Your Noise, My Signal: Exploiting Switching Noise for Stealthy Data Exfiltration from Desktop Computers
- Computer Science
- Abstracts of the 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer Systems
- 2020
NoDE (Noise for Data Exfiltration) is proposed, a new system for stealthy data exfiltration from enterprise desktop computers by exploiting high-frequency voltage ripples generated by power factor correction circuits built into today's computers.
Your Noise, My Signal
- Computer Science
- Proc. ACM Meas. Anal. Comput. Syst.
- 2020
NoDE (Noise for Data Exfiltration) is proposed, a new system for stealthy data exfiltration from enterprise desktop computers by exploiting high-frequency voltage ripples generated by power factor correction circuits built into today's computers.
HammerScope: Observing DRAM Power Consumption Using Rowhammer
- Computer Science
- CCS
- 2022
This paper observes that the Rowhammer attack strongly correlates with the memory instantaneous power consumption, and designs HammerScope, a Rowhammer-based attack technique for measuring the power consumption of the memory unit, and uses it to mount three information leakage attacks.
Maya: Falsifying Power Sidechannels with Dynamic Control
- Computer Science
- 2019
This paper presents Maya, a simple and effective solution against power side-channels, to re-shape the power dissipated by an application in an application-transparent manner using control theory techniques - preventing attackers from learning any information.
Maya: Falsifying Power Sidechannels with Operating System Support
- Computer Science
- ArXiv
- 2019
Maya is proposed, an OS-level defense against power side channels that can be easily deployed on existing systems and is the first OS-level defense against physical side channels.
References
SHOWING 1-10 OF 40 REFERENCES
No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis
- Computer Science
- 2016 IEEE Symposium on Security and Privacy (SP)
- 2016
This paper identifies a critical information leakage channel from the interrupt handling mechanism, which can be exploited to launch inference attacks without any permission, and proposes a general attack approach, interrupt timing analysis, and applies it to interrupt logs.
On Inferring Browsing Activity on Smartphones via USB Power Analysis Side-Channel
- Computer Science
- IEEE Transactions on Information Forensics and Security
- 2017
This paper is unique, because it is the first to study this side-channel on smartphones, under smartphone-specific constraints, and demonstrates that Websites can be correctly identified within a short time span of $2\times6$ seconds, which is in contrast with prior work, which uses 15-s traces.
I know what you did on your smartphone: Inferring app usage over encrypted data traffic
- Computer Science
- 2015 IEEE Conference on Communications and Network Security (CNS)
- 2015
It is shown that just by collecting and analyzing small amounts of wireless traffic, one can determine what apps each individual smartphone user in the vicinity is using, and that by using these apps the privacy of the user is more at risk compared to using online services through browsers on mobile devices.
The Leaking Battery - A Privacy Analysis of the HTML5 Battery Status API
- Computer Science
- DPM/QASA@ESORICS
- 2015
This study shows that websites can discover the capacity of users’ batteries by exploiting the high precision readouts provided by Firefox on Linux, and highlights privacy risks associated with the HTML5 Battery Status API.
Current Events: Identifying Webpages by Tapping the Electrical Outlet
- Computer Science
- ESORICS
- 2013
This work constructs a classifier that correctly identifies unlabeled power traces of webpage activity from a set of 51 candidates with 99% precision and 99% recall, and identifies the AC power side channel that leaks private information about web browsing to an observer taking measurements at the power outlet.
Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems
- Computer Science
- USENIX Security Symposium
- 2009
A new attack is presented that allows a malicious user to eavesdrop on other users' keystrokes using such information that takes advantage of the stack information of a process disclosed by its virtual file within procfs, the process file system supported by Linux.
PowerSpy: Location Tracking Using Mobile Device Power Analysis
- Computer Science
- USENIX Security Symposium
- 2015
It is shown that by simply reading the phone's aggregate power consumption over a period of a few minutes an application can learn information about the user's location by using machine learning algorithms.
POWERFUL: Mobile app fingerprinting via power analysis
- Computer Science
- IEEE INFOCOM 2017 - IEEE Conference on Computer Communications
- 2017
The design and evaluation of POWERFUL are presented, a new attack which can fingerprint sensitive mobile apps (or infer sensitive app usage) by analyzing the power consumption profiles on Android devices.
KeyDrown: Eliminating Keystroke Timing Side-Channel Attacks
- Computer Science
- ArXiv
- 2017
KeyDrown injects a large number of fake keystrokes in the kernel to prevent interrupt-based attacks and Prime+Probe attacks on the kernel and eliminates any advantage an attacker can gain from using interrupt or cache side-channel information.
Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices
- Computer Science, Mathematics
- IEEE Communications Surveys & Tutorials
- 2018
This paper proposes a new categorization system for side-channel attacks, necessary as side-channel attacks have evolved significantly since their scientific investigations during the smart card era in the 1990s, and facilitates the development of novel countermeasures.