Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices.

Pavel Lifshits, Roni Forte, Yedid Hoshen, Matt Halpern, Manuel Philipose, Mohit Tiwari, Mark Silberstein

Research output: Contribution to journalArticlepeer-review

Abstract

Mobile devices are equipped with increasingly smart batteries designed to provide responsiveness and extended lifetime. However, such smart batteries may present a threat to users’ privacy. We demonstrate that the phone’s power trace sampled from the battery at 1KHz holds enough information to recover a variety of sensitive information. We show techniques to infer characters typed on a touchscreen; to accurately recover browsing history in an open-world setup; and to reliably detect incoming calls, and the photo shots including their lighting conditions. Combined with a novel exfiltration technique that establishes a covert channel from the battery to a remote server via a web browser, these attacks turn the malicious battery into a stealthy surveillance device. We deconstruct the attack by analyzing its robustness to sampling rate and execution conditions. To find mitigations we identify the sources of the information leakage exploited by the attack. We discover that the GPU or DRAM power traces alone are sufficient to distinguish between different websites. However, the CPU and power-hungry peripherals such as a touchscreen are the primary sources of fine-grain information leakage. We consider and evaluate possible mitigation mechanisms, highlighting the challenges to defend against the attacks. In summary, our work shows the feasibility of the malicious battery and motivates further research into system and application-level defenses to fully mitigate this emerging threat.
Original languageEnglish
Article number4
Pages (from-to)141-158
Number of pages18
JournalProceedings on Privacy Enhancing Technologies
Volume2018
Issue number4
DOIs
StatePublished - 2018

Keywords

  • Malicious battery
  • Power side-channel

Fingerprint

Dive into the research topics of 'Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices.'. Together they form a unique fingerprint.

Cite this