How to phone home with someone else’s phone: Information exfiltration using intentional sound noise on gyroscopic sensors

Benyamin Farshteindiker, Nir Hasidim, Asaf Grosz, Yossi Oren

Research output: Contribution to conferencePaperpeer-review

15 Scopus citations

Abstract

We show how a low-power device, such as a surveillance bug, can take advantage of a nearby mobile phone to exfiltrate arbitrary secrets across the Internet at a data rate of hundreds to thousands of bits per second, all without the phone owner’s awareness or permission. All the attack requires is for the phone to browse to an attacker-controlled website. This feat is carried out by exploiting a particular characteristic of the phone’s gyroscope which was discovered by Son et al. in [11]. We discuss the theoretical principles behind our attack, evaluate it on several different mobile devices, and discuss potential countermeasures and mitigations. Finally, we suggest how this attack vector can be used benevolently for the purpose of safer and easier two-factor authentication.

Original languageEnglish
StatePublished - 1 Jan 2016
Event10th USENIX Workshop on Offensive Technologies, WOOT 2016 - Austin, United States
Duration: 8 Aug 20169 Aug 2016

Conference

Conference10th USENIX Workshop on Offensive Technologies, WOOT 2016
Country/TerritoryUnited States
CityAustin
Period8/08/169/08/16

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Software

Fingerprint

Dive into the research topics of 'How to phone home with someone else’s phone: Information exfiltration using intentional sound noise on gyroscopic sensors'. Together they form a unique fingerprint.

Cite this