SonarSnoop: active acoustic side-channel attacks

We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals, and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim’s finger movements can be inferred to steal Android unlock patterns. In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 phone can be reduced by up to 70% using this novel acoustic side-channel. The attack is entirely unnoticeable to victims. Our approach can be easily applied to other application scenarios and device types. Overall, our work highlights a new family of security threats.

[1]  Ross J. Anderson,et al.  PIN skimmer: inferring PINs through the camera and microphone , 2013, SPSM '13.

[2]  Yajin Zhou,et al.  Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets , 2012, NDSS.

[3]  Markus Dürmuth,et al.  Quantifying the security of graphical passwords: the case of android unlock patterns , 2013, CCS.

[4]  Wei Wang,et al.  Device-free gesture tracking using acoustic signals , 2016, MobiCom.

[5]  Feng Zhou,et al.  Keyboard acoustic emanations revisited , 2005, CCS '05.

[6]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[7]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[8]  Yajin Zhou,et al.  Detecting repackaged smartphone applications in third-party android marketplaces , 2012, CODASPY '12.

[9]  Arie Yeredor,et al.  Dictionary attacks using keyboard acoustic emanations , 2006, CCS '06.

[10]  Stefan Mangard,et al.  Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices , 2016, IEEE Communications Surveys & Tutorials.

[11]  Anku Adhikari,et al.  Leave Your Phone at the Door: Side Channels that Reveal Factory Floor Secrets , 2016, CCS.

[12]  Jie Yang,et al.  Snooping Keystrokes with mm-level Audio Ranging on a Single Phone , 2015, MobiCom.

[13]  Sangki Yun,et al.  Strata: Fine-Grained Acoustic-based Device-Free Tracking , 2017, MobiSys.

[14]  Arquimedes Canedo,et al.  Acoustic Side-Channel Attacks on Additive Manufacturing Systems , 2016, 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS).

[15]  Jun Ho Huh,et al.  SysPal: System-Guided Pattern Locks for Android , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[16]  Adi Shamir,et al.  RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis , 2014, CRYPTO.

[17]  Adam J. Aviv,et al.  Practicality of accelerometer side channels on smartphones , 2012, ACSAC '12.

[18]  Anindya Maiti,et al.  Smartwatch-Based Keystroke Inference Attacks and Context-Aware Protection Mechanisms , 2016, AsiaCCS.

[19]  Shwetak N. Patel,et al.  Gesture Recognition Using Wireless Signals , 2015, GETMBL.

[20]  Tadayoshi Kohno,et al.  CovertBand , 2017, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[21]  Patrick Traynor,et al.  (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers , 2011, CCS '11.

[22]  Hao Chen,et al.  Defending against sensor-sniffing attacks on mobile phones , 2009, MobiHeld '09.

[23]  Desney S. Tan,et al.  FingerIO: Using Active Sonar for Fine-Grained Finger Tracking , 2016, CHI.

[24]  Guevara Noubir,et al.  Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning , 2014, WiSec '14.

[25]  Yuval Elovici,et al.  Detecting Cyber-Physical Attacks in Additive Manufacturing using Digital Audio Signing , 2017, ArXiv.

[26]  Arquimedes Canedo,et al.  Confidentiality Breach Through Acoustic Side-Channel in Cyber-Physical Additive Manufacturing Systems , 2017, ACM Trans. Cyber Phys. Syst..

[27]  Xiaojiang Chen,et al.  Cracking Android Pattern Lock in Five Attempts , 2017, NDSS.

[28]  Manfred Pinkal,et al.  Acoustic Side-Channel Attacks on Printers , 2010, USENIX Security Symposium.

[29]  M. R. Turner,et al.  Texture discrimination by Gabor functions , 1986, Biological Cybernetics.

[30]  Rakesh Agrawal,et al.  Keyboard acoustic emanations , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[31]  Wei Wang,et al.  Device-free gesture tracking using acoustic signals: demo , 2016, MobiCom.

[32]  Brian Randell,et al.  An Acoustic Side Channel Attack on Enigma , 2015 .

[33]  Mauro Conti,et al.  Don't Skype & Type!: Acoustic Eavesdropping in Voice-Over-IP , 2016, AsiaCCS.

[34]  Neal Patwari,et al.  See-Through Walls: Motion Tracking Using Variance-Based Radio Tomography Networks , 2011, IEEE Transactions on Mobile Computing.