Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices

Lifshits, Pavel; Forte, R.; Hoshen, Yedid; Halpern, Matthew; Philipose, Manuel; Tiwari, Mohit; Silberstein, Mark

doi:10.1515/popets-2018-0036

Cited by 26 publications

(38 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Undersampling: Molka et al [61] used a physicallyconnected power meter to record a victim system's power consumption at a rate of 10 Hz, distinguishing loops of nops and other instructions. Attacks with similar sampling rates to ours were shown by Genkin et al [22], who recovered 4096-bit GnuPG RSA keys and program code via acoustic cryptanalysis, and Lifshits et al [52], who inferred sensitive data, including keystrokes, via a malicious battery storing power traces. These works sampled at ≈24 kHz (mobile phone attack) and 1 kHz, respectively.…”

Section: A Related Worksupporting

confidence: 75%

PLATYPUS: Software-based Power Side-Channel Attacks on x86

Lipp

Kogler

Oswald

et al. 2021

2021 IEEE Symposium on Security and Privacy (SP)

101

View full text Add to dashboard Cite

Where a licence is displayed above, please note the terms and conditions of the licence govern your use of this document.When citing, please reference the published version. Take down policyWhile the University of Birmingham exercises care and attention in making items available there are rare occasions when an item has been uploaded in error or has been deemed to be commercially or otherwise sensitive.

show abstract

Section: A Related Worksupporting

confidence: 75%

PLATYPUS: Software-based Power Side-Channel Attacks on x86

Lipp

Kogler

Oswald

et al. 2021

2021 IEEE Symposium on Security and Privacy (SP)

101

View full text Add to dashboard Cite

show abstract

“…Yang et al [38] showed that the transition between running apps leaves a side-channel in memory that can be used to determine what application was executing. Lifshits et al [22] installed a malicious, power monitoring battery in a smartphone in 11 order to identify various types of activity. Qin et al [29] also adopt a similar approach to smartphone website fingerprinting by using a malicious application which estimates the fluctuation of power data.…”

Section: Related Workmentioning

confidence: 99%

Wireless Charging Power Side-Channel Attacks

La Cour,

Afridi,

Suh

2021

Preprint

View full text Add to dashboard Cite

This paper shows that today's wireless charging interface is vulnerable to power side-channel attacks; a smartphone charging wirelessly leaks private information about its activity to the wireless charger (charging transmitter). We present a website fingerprinting attack through the wireless charging side-channel for both iOS and Android devices. The attack monitors the current drawn by the wireless charging transmitter while 20 webpages from the Alexa top sites list are loaded on a charging smartphone. We implement a classifier that correctly identifies unlabeled current traces with an accuracy of 87% on average for an iPhone 11 and 95% on average for a Google Pixel 4. This represents a considerable security threat because wireless charging does not require any user permission if the phone is within the range of a charging transmitter. To the best of our knowledge, this work represents the first to introduce and demonstrate a power side-channel attack through wireless charging. Additionally, this study compares the wireless charging side-channel with the wired USB charging power side-channel, showing that they are comparable. We find that the performance of the attack deteriorates as the contents of websites change over time. Furthermore, we discover that the amount of information leakage through both wireless and wired charging interfaces heavily depends on the battery level; minimal information is leaked at low battery levels.

show abstract

“…For example, it has been recently reported that some microchips were added to servers' motherboards during the manufacturing process without the knowledge of a major server vendor [63]. In other instances, ShadowPad was implanted into a software program developed by a third-party vendor, affecting hundreds of large businesses [45], while malicious batteries [53] and other hardware Trojans [76] are all known threats to data security. An even more striking example is that over 100,000 computers that had never been connected to any network were also implanted with information-stealing hardware Trojans by using a classified technology [68].…”

Section: Threat Modelmentioning

confidence: 99%

Your Noise, My Signal: Exploiting Switching Noise for Stealthy Data Exfiltration from Desktop Computers

Shao,

Islam,

Ren

2020

Preprint

View full text Add to dashboard Cite

Attacks based on power analysis have been long existing and studied, with some recent works focused on data exfiltration from victim systems without using conventional communications (e.g., WiFi). Nonetheless, prior works typically rely on intrusive direct power measurement, either by implanting meters in the power outlet or tapping into the power cable, thus jeopardizing the stealthiness of attacks. In this paper, we propose NoDE (Noise for Data Exfiltration), a new system for stealthy data exfiltration from enterprise desktop computers. Specifically, NoDE achieves data exfiltration over a building's power network by exploiting high-frequency voltage ripples (i.e., switching noises) generated by power factor correction circuits built into today's computers. Located at a distance and even from a different room, the receiver can non-intrusively measure the voltage of a power outlet to capture the high-frequency switching noises for online information decoding without supervised training/learning. To evaluate NoDE, we run experiments on seven different computers from top vendors and using top-brand power supply units. Our results show that for a single transmitter, NoDE achieves a rate of up to 28.48 bits/second with a distance of 90 feet (27.4 meters) without the line of sight, demonstrating a practically stealthy threat. Based on the orthogonality of switching noise frequencies of different computers, we also demonstrate simultaneous data exfiltration from four computers using only one receiver. Finally, we present a few possible defenses, such as installing noise filters, and discuss their limitations.

show abstract

Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices

Cited by 26 publications

References 21 publications

PLATYPUS: Software-based Power Side-Channel Attacks on x86

PLATYPUS: Software-based Power Side-Channel Attacks on x86

Wireless Charging Power Side-Channel Attacks

Your Noise, My Signal: Exploiting Switching Noise for Stealthy Data Exfiltration from Desktop Computers

Contact Info

Product

Resources

About