Presented at Black Hat Europe 2018
Dec. 5, 2018, 10:30 a.m.
Thanks to their omnipresence and multi-purposeness, users rely on smartphones to execute in few touches a wide range of privacy-related operation, such as accessing bank accounts, checking emails, or transferring money. While not long time ago users were seeking constant Internet connection (e.g., via free Wi-Fi hotspot), now they also look for energy sources to recharge their smartphones' battery, due to the use of more energy-draining apps (e.g., Pokémon Go).
This phenomenon has led to the diffusion of free charging stations in public places and the marketing of portable batteries a.k.a. powerbanks. Despite the preventive measures implemented by Android's developers in order to prevent data transfer via USB cable (i.e., "Charging only" mode), we are able to exploit a hidden communication channel which leverages only the electrical current provided for charging the smartphone.
On one side, a malicious app (which can be disguised as a legitimate, clean app) installed on the victim's phone, which only requires wakelock permission (i.e., to wake up the phone when it is idle), remains silent until the device is plugged to a USB port and left unattended. Then, such app begins transmitting sensitive data coded in energy consumption peaks. On the other side, the energy provider (e.g., powerbank) is able to measure such peaks and then reconstruct the transmitted information. All this happens without the malicious app's access to Internet or other permissions, except for the information that it wants to exfiltrate.
- Prof., University of Padua, Italy
Mauro Conti is Full Professor at the University of Padua, Italy, and Affiliate Professor at the University of Washington, Seattle, USA. He obtained his Ph.D. from Sapienza University of Rome, Italy, in 2009. After his Ph.D., he was a Post-Doc Researcher at Vrije Universiteit Amsterdam, The Netherlands. In 2011 he joined as Assistant Professor the University of Padua, where he became Associate Professor in 2015, and Full Professor in 2018. He has been Visiting Researcher at GMU (2008, 2016), UCLA (2010), UCI (2012, 2013, 2014, 2017), TU Darmstadt (2013), UF (2015), and FIU (2015, 2016). He has been awarded with a Marie Curie Fellowship (2012) by the European Commission, and with a Fellowship by the German DAAD (2013). His research is also funded by companies, including Cisco and Intel. His main research interest is in the area of security and privacy. In this area, he published more than 200 papers in topmost international peer-reviewed journals and conference. He is Area Editor-in-Chief for IEEE Communications Surveys & Tutorials, and Associate Editor for several journals, including IEEE Communications Surveys & Tutorials, IEEE Transactions on Information Forensics and Security, and IEEE Transactions on Network and Service Management. He was Program Chair for TRUST 2015, ICISS 2016, WiSec 2017, and General Chair for SecureComm 2012 and ACM SACMAT 2013. He is Senior Member of the IEEE.
- Dr., Utrecht University, The Netherlands
Veelasha Moonsamy is an Assistant Professor in the Software Systems group at the Department of Information and Computing Sciences at Utrecht University, The Netherlands. In 2015, she received her PhD degree from Deakin University (Australia) under the supervision of Prof. Lynn Batten. Her thesis was titled 'Security and Privacy of Users' Personal Information on Smartphones'. Her research interests revolves around security and privacy on mobile devices, in particular side- and covert-channel attacks, malware detection, and mitigation of information leaks at application and hardware level.
- Mr., University of Padua, Italy
Riccardo Bonafede is a bachelor student in Computer Engineering at University of Padua, Italy. He is working on his BSc thesis about side-channel attacks on mobile devices. He is interested in many research fields such as security, privacy and telecommunications. He also participated in numerous Capture The Flag contests with the Spritzers hacking team.
- Dr., University of Oxford, UK
Riccardo Spolaor obtained his Ph.D. in Brain, Mind, and Computer Science at the University of Padua, Italy, in 2018. He obtained his Master's Degree in Computer Science in 2014 from the same university, with a thesis about smartphone privacy attack inferring user actions via traffic analysis. In November 2014, he started his Ph.D. under the supervision of Prof. Mauro Conti. He has been a Visiting Ph.D. Student at Radboud University (2015), Ruhr-Universitat Bochum (2016), and University of Oxford (2016, 2017, and 2018). His main research interests are privacy and security issues on mobile devices. In particular, he applies machine learning techniques to infer user information relying on side-channel analysis. Most of the research that he carried out up to now is about the application of machine learning classifiers to network traffic and energy consumption traces.