How to Phone Home with Someone Else’s Phone: Information Exfiltration Using Intentional Sound Noise on Gyroscopic Sensors

Authors: 

Benyamin Farshteindiker, Nir Hasidim, Asaf Grosz, and Yossi Oren, Ben-Gurion University of the Negev

Abstract: 

We show how a low-power device, such as a surveillance bug, can take advantage of a nearby mobile phone to exfiltrate arbitrary secrets across the Internet at a data rate of hundreds to thousands of bits per second, all without the phone owner’s awareness or permission. All the attack requires is for the phone to browse to an attacker-controlled website. This feat is carried out by exploiting a particular characteristic of the phone’s gyroscope which was discovered by Son et al. We discuss the theoretical principles behind our attack, evaluate it on several different mobile devices, and discuss potential countermeasures and mitigations. Finally, we suggest how this attack vector can be used benevolently for the purpose of safer and easier two-factor authentication.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {198407,
author = {Benyamin Farshteindiker and Nir Hasidim and Asaf Grosz and Yossi Oren},
title = {How to Phone Home with Someone {Else{\textquoteright}s} Phone: Information Exfiltration Using Intentional Sound Noise on Gyroscopic Sensors},
booktitle = {10th USENIX Workshop on Offensive Technologies (WOOT 16)},
year = {2016},
address = {Austin, TX},
url = {https://www.usenix.org/conference/woot16/workshop-program/presentation/farshteindiker},
publisher = {USENIX Association},
month = aug
}
Download
Farshteindiker PDF
View the slides