MagneticSpy: Exploiting Magnetometer in Mobile Devices for Website and Application Fingerprinting

Matyunin, Nikolay; Wang, Yujue; Arul, Tolga; Kullmann, Kristian; Szefer, Jakub; Katzenbeisser, Stefan

doi:10.48550/arxiv.1906.11117

Cited by 1 publication

(2 citation statements)

References 16 publications

(26 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Block et al leveraged magnetometers' ability to detect locations of users' devices within commercial GPS accuracy [7]. Researchers also demonstrated that electromagnetic field measured by smartphone magnetometers could be exploited for webpage [22], and device [29] fingerprinting. Compared with existing side channels, we introduce a new side-channel attack to identify users' handwriting by analyzing the magnetic impact of the embedded magnets in modern stylus pencils sensed by device magnetometers.…”

Section: Related Workmentioning

confidence: 99%

“…Prior efforts have unveiled security and privacy concerns that result from applications having access to motion sensors' data. Such works propose attacks targeted at inferring users' privacy-sensitive data such as touch actions and keystrokes [21,24,33], passwords and PIN codes [24,28], and application and webpage fingerprinting [22,27]. Unfortunately, side-channel attacks continue to be a major source of concern to users and developers due to frequent software updates and new devices introduced in the market.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

S3

Farrukh

Yang

et al. 2021

Proc. ACM Interact. Mob. Wearable Ubiquitous Technol.

View full text Add to dashboard Cite

With smart devices being an essential part of our everyday lives, unsupervised access to the mobile sensors' data can result in a multitude of side-channel attacks. In this paper, we study potential data leaks from Apple Pencil (2nd generation) supported by the Apple iPad Pro, the latest stylus pen which attaches to the iPad body magnetically for charging. We observe that the Pencil's body affects the magnetic readings sensed by the iPad's magnetometer when a user is using the Pencil. Therefore, we ask: Can we infer what a user is writing on the iPad screen with the Apple Pencil, given access to only the iPad's motion sensors' data? To answer this question, we present Side-channel attack on Stylus pencil through Sensors (S3), a system that identifies what a user is writing from motion sensor readings. We first use the sharp fluctuations in the motion sensors' data to determine when a user is writing on the iPad. We then introduce a high-dimensional particle filter to track the location and orientation of the Pencil during usage. Lastly, to guide particles, we build the Pencil's magnetic map serving as a bridge between the measured magnetic data and the Pencil location and orientation. We evaluate S3 with 10 subjects and demonstrate that we correctly identify 93.9%, 96%, 97.9%, and 93.33% of the letters, numbers, shapes, and words by only having access to the motion sensors' data.

show abstract

Section: Related Workmentioning

confidence: 99%