Privacy Threats through Ultrasonic Side Channels on Mobile Devices

@article{Arp2017PrivacyTT,
  title={Privacy Threats through Ultrasonic Side Channels on Mobile Devices},
  author={Dan Arp and Erwin Quiring and Christian Wressnegger and K. Rieck},
  journal={2017 IEEE European Symposium on Security and Privacy (EuroS\&P)},
  year={2017},
  pages={35-47}
}
Device tracking is a serious threat to the privacy of users, as it enables spying on their habits and activities. A recent practice embeds ultrasonic beacons in audio and tracks them using the microphone of mobile devices. This side channel allows an adversary to identify a user's current location, spy on her TV viewing habits or link together her different mobile devices. In this paper, we explore the capabilities, the current prevalence and technical limitations of this new tracking technique… Expand
Zero-permission acoustic cross-device tracking
TLDR
A novel approach to acoustic cross-device tracking is introduced, which does not require microphone access, but instead exploits the susceptibility of MEMS gyroscopes to acoustic vibrations at specific (ultrasonic) frequencies. Expand
MISSILE: A System of Mobile Inertial Sensor-Based Sensitive Indoor Location Eavesdropping
  • Huadi Zheng, Haibo Hu
  • Computer Science
  • IEEE Transactions on Information Forensics and Security
  • 2020
TLDR
MISSILE is presented, an automatic system that can infer users’ indoor location using labeled sensor data as prior knowledge, and shows good success rate for inference attack. Expand
The All Seeing Eye: Web to App Intercommunication for Session Fingerprinting in Android
TLDR
This work introduces some novel user deanonymisation approaches for device fingerprinting in Android and proves that web pages, by using several inherent mechanisms, can cooperate with installed mobile apps to identify which sessions operate in specific devices and consequently to further expose users’ privacy. Expand
A Privacy Analysis of Cross-device Tracking
TLDR
It is shown that the similarity of IP addresses and Internet history for a user’s devices gives rise to a matching rate of F-1 = 0.91 for connecting a mobile to a desktop device in the authors' dataset, which is especially noteworthy in light of the increase in learning power that cross-device companies may achieve by leveraging user data from more than one device. Expand
PatternListener: Cracking Android Pattern Lock Using Acoustic Signals
TLDR
Motivated by an observation that fingertip motions on the screen of a mobile device can be captured by analyzing surrounding acoustic signals on it, this work proposes PatternListener, a novel acoustic attack that cracks pattern lock by leveraging and analyzing imperceptible acoustic signals reflected by the fingertip. Expand
Stealing Your Android Patterns via Acoustic Signals
TLDR
This paper proposes PatternListener+, a practical attack on pattern locks using the speakers and microphones on mobile devices, and implements a PatternListener+ prototype using off-the-shelf smartphones, and extensive experiments confirm the effectiveness and robustness of PatternListener+. Expand
Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications
TLDR
This study reveals several alarming privacy risks in the Android app ecosystem, including apps that over-provision their media permissions and apps that share image and video data with other parties in unexpected ways, without user knowledge or consent. Expand
Automated discovery of privacy violations on the web
TLDR
A critical look at how the API design process can be changed to prevent such misuse in the future is taken, and novel detection methods and results for persistent tracking techniques, including: device fingerprinting, cookie syncing, and cookie respawning are presented. Expand
Is My Phone Listening in? On the Feasibility and Detectability of Mobile Eavesdropping
TLDR
This paper provides a holistic overview of the issue, reviewing and analyzing existing arguments and explanatory approaches from both sides, and challenges the widespread assumption that the spying fears have already been disproved. Expand
TALON: An Automated Framework for Cross-Device Tracking Detection
TLDR
A novel methodology for detecting CDT and measuring the factors affecting its performance, in a repeatable and systematic way is proposed, based on emulating realistic browsing activity of end-users, from different devices, and thus triggering and detecting cross-device targeted ads. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 27 REFERENCES
On the Robustness of Mobile Device Fingerprinting: Can Mobile Users Escape Modern Web-Tracking Mechanisms?
TLDR
It is shown that widely used techniques do not perform well for mobile devices yet, but that it is possible to build a fingerprinting system for precise recognition and identification, and whether it is Possible to outrun fingerprinting of mobile devices is analyzed. Expand
Mobile Device Identification via Sensor Fingerprinting
TLDR
It is shown that the entropy from sensor fingerprinting is sufficient to uniquely identify a device among thousands of devices, with low probability of collision. Expand
Inaudible Sound as a Covert Channel in Mobile Devices
TLDR
This work implemented an ultrasonic modem for Android and found that it could send signals up to 100 feet away and was practical with the transmitter inside of a pocket, and proposed two sound-based covert channels, ultrasonic and isolated sound. Expand
Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound
TLDR
A new and more practical method for the adversaries to generate stable and unique device ID stealthily for the smartphone by exploiting the frequency response of the speaker and the results show the generated device ID can be used to track users practically. Expand
Do You Hear What I Hear?: Fingerprinting Smart Devices Through Embedded Acoustic Components
TLDR
This study studies the feasibility of using microphones and speakers embedded in smartphones to uniquely fingerprint individual devices, and identifies the prominent acoustic features capable of fingerprinting smart devices with a high success rate. Expand
Fingerprinting Mobile Devices Using Personalized Configurations
TLDR
Experimental evaluations based on almost 13,000 fingerprints from approximately 8,000 different real-world devices show that all fingerprints are unique and distinguishable and utilizing a supervised learning approach allows returning users or their devices to be recognized with a total accuracy of 97% over time. Expand
Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting
TLDR
By analyzing the code of three popular browser-fingerprinting code providers, it is revealed the techniques that allow websites to track users without the need of client-side identifiers and how fragile the browser ecosystem is against fingerprinting through the use of novel browser-identifying techniques. Expand
On lightweight mobile phone application certification
TLDR
The Kirin security service for Android is proposed, which performs lightweight certification of applications to mitigate malware at install time and indicates that security configuration bundled with Android applications provides practical means of detecting malware. Expand
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
TLDR
TaintDroid is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data and enabling realtime analysis by leveraging Android’s virtualized execution environment. Expand
Exfiltrating data from Android devices
TLDR
An adversary model for Android covert data exfiltration is proposed, and it is demonstrated how it can be used to construct a mobile data ex filtration technique (MDET) to covertly exfiltrate data from Android devices. Expand
...
1
2
3
...