Eavesdropping user credentials via GPU side channels on smartphones

Yang, Boyuan; Chen, Ruirong; Huang, Kerson; Yang, Jun; Gao, Wei

doi:10.1145/3503222.3507757

Cited by 6 publications

(4 citation statements)

References 37 publications

(40 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Data normalization. As mentioned in §IV-B, a keystroke may last from 0.05 to 0.2 seconds on average [76]. Similarly, users may spend different duration on each interface, and the smartphone could launch an app at different speeds.…”

Section: Methodsmentioning

confidence: 99%

“…Next, considering each activity may last a different length of time in every attempt (e.g., a single keystroke may take 0.05-0.2 second [76]), it also normalizes each activity attempt into the same length of time via property-preserving up-sampling (e.g., nearest neighbor interpolation [55]) or down-sampling (e.g., decimation factor [33]) algorithms.…”

Section: B Building User Interaction Contextmentioning

confidence: 99%

“…Impacts from different users. Considering previous studies have found that users spend different amounts of time for each keystroke [76], WISERS normalizes each keystroke trace to reduce such impacts on recovering keystrokes. To evaluate its performance, we have conducted an IRB-approved user study.…”

Section: Impact Factorsmentioning

confidence: 99%

See 2 more Smart Citations

Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels

Zhang

Zuo

et al. 2023

2023 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Today, there is an increasing number of smartphones supporting wireless charging that leverages electromagnetic induction to transmit power from a wireless charger to the charging smartphone. In this paper, we report a new contactless and context-aware wireless-charging side-channel attack, which captures two physical phenomena (i.e., the coil whine and the magnetic field perturbation) generated during this wireless charging process and further infers the user interactions on the charging smartphone. We design and implement a threestage attack framework, dubbed WISERS, to demonstrate the practicality of this new side channel. WISERS first captures the coil whine and the magnetic field perturbation emitted by the wireless charger, then infers (i) inter-interface switches (e.g., switching from the home screen to an app interface) and (ii) intra-interface activities (e.g., keyboard inputs inside an app) to build user interaction contexts, and further reveals sensitive information. We extensively evaluate the effectiveness of WISERS with popular smartphones and commercial-off-theshelf (COTS) wireless chargers. Our evaluation results suggest that WISERS can achieve over 90.4% accuracy in inferring sensitive information, such as screen-unlocking passcode and app launch. In addition, our study also shows that WISERS is resilient to a list of impact factors.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: B Building User Interaction Contextmentioning

confidence: 99%

See 1 more Smart Citation

Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels

Zhang

Zuo

et al. 2023

2023 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…Prior work uses side-channels such as electromagnetic emanations [24], [60], reflections [7], smartphone accelerometers [37], [45], timing [58], and performance counters [67] to infer keystrokes on personal computers and mobile devices.…”

Section: Related Work a Keystroke Side-channel Attacksmentioning

confidence: 99%

Acoustic Keystroke Leakage on Smart Televisions

Kannan,

Wang,

Sunog

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Smart Televisions (TVs) are internet-connected TVs that support video streaming applications and web browsers. Users enter information into Smart TVs through on-screen virtual keyboards. These keyboards require users to navigate between keys with directional commands from a remote controller. Given the extensive functionality of Smart TVs, users type sensitive information (e.g., passwords) into these devices, making keystroke privacy necessary. This work develops and demonstrates a new side-channel attack that exposes keystrokes from the audio of two popular Smart TVs: Apple and Samsung. This side-channel attack exploits how Smart TVs make different sounds when selecting a key, moving the cursor, and deleting a character. These properties allow an attacker to extract the number of cursor movements between selections from the TV's audio. Our attack uses this extracted information to identify the likeliest typed strings. Against realistic users, the attack finds up to 33.33% of credit card details and 60.19% of common passwords within 100 guesses. This vulnerability has been acknowledged by Samsung and highlights how Smart TVs must better protect sensitive data.

show abstract

A novel GPU based Geo-Location Inference Attack on WebGL framework

Mai

Xiao

2023

High-Confidence Computing

View full text Add to dashboard Cite

Eavesdropping user credentials via GPU side channels on smartphones

Cited by 6 publications

References 37 publications

Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels

Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels

Acoustic Keystroke Leakage on Smart Televisions

A novel GPU based Geo-Location Inference Attack on WebGL framework

Contact Info

Product

Resources

About