Nothing Special   »   [go: up one dir, main page]
Skip to main content
SpringerLink
Log in

Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks

  • Conference paper
  • First Online:
Information Security (ISC 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10599))

Included in the following conference series:

Abstract

The increasingly high demand for smartphone charging in people’s daily lives has apparently encouraged much more public charging stations to be deployed in various places (e.g., shopping malls, airports). However, these public charging facilities may open a hole for cyber-criminals to infer private information and data from smartphone users. Juice filming charging (JFC) attack is a particular type of charging attacks, which is capable of stealing users’ sensitive information from both Android OS and iOS devices, through automatically monitoring and recording phone screen during the whole charging period. The rationale is that phone screen can be leaked through a standard micro USB connector, which adopts the Mobile High-Definition Link (MHL) standard. In practice, we identify that how to efficiently extract information from the captured videos remains a challenge for current JFC attack. To further investigate its practical influence, in this work, we focus on enhancing its performance in the aspects of extracting texts from images and correlating information, and then conducting a user study in a practical scenario. The obtained results demonstrate that our enhanced JFC attack can outperform the original one in collecting users’ information at large and extracting sensitive data with a higher accuracy. Our work aims to complement existing results and stimulate more efforts in defending smartphones against charging threats.

W. Meng — The author was previously known as Yuxin Meng.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    http://www.epiphan.com/products/vga2usb/.

  2. 2.

    https://code.google.com/p/tesseract-ocr/.

  3. 3.

    https://github.com/tesseract-ocr/tesseract/wiki/ImproveQuality.

References

  1. Andriesse, D., Bos, H.: Instruction-level steganography for covert trigger-based malware. In: Dietrich, S. (ed.) DIMVA 2014. LNCS, vol. 8550, pp. 41–50. Springer, Cham (2014). doi:10.1007/978-3-319-08509-8_3

    Google Scholar 

  2. Aviv, A.J., Gibson, K., Mossop, E., Blaze, M., Smith, J.M.: Smudge attacks on smartphone touch screens. In: Proceedings of the 4th USENIX Conference on Offensive Technologies (WOOT), pp. 1–7 (2010)

    Google Scholar 

  3. Cai, L., Chen, H.: TouchLogger: inferring keystrokes on touch screen from smartphone motion. In: Proceedings of the 6th USENIX Conference on Hot Topics in Security (HotSec), pp. 1–6 (2011)

    Google Scholar 

  4. Dagon, D., Martin, T., Starner, T.: Mobile phones as computing devices: the viruses are coming! IEEE Pervasive Comput. 3(4), 11–15 (2004)

    Google Scholar 

  5. De Luca, A., Hang, A., Brudy, F., Lindner, C., Hussmann, H.: Touch me once and i know its you!: implicit authentication based on touch screen patterns. In: Proceedings of the 2012 ACM Annual Conference on Human Factors in Computing Systems (CHI), pp. 987–996 (2012)

    Google Scholar 

  6. Feng, T., Liu, Z., Kwon, K.-A., Shi, W., Carbunary, B., Jiang, Y., Nguyen, N.: Continuous mobile authentication using touchscreen gestures. In: Proceedings the 2012 IEEE Conference on Technologies for Homeland Security (HST), pp. 451–456 (2012)

    Google Scholar 

  7. Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D.: Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans. Inf. Forensics Secur. 8(1), 136–148 (2013)

    Article  Google Scholar 

  8. Han, J., Owusu, E., Nguyen, L., Perrig, A., Zhang, J.: ACComplice: location inference using accelerometers on smartphones. In: Proceedings of the 4th International Conference on Communication Systems and Networks (COMSNETS), pp. 1–9, New York, NY, USA (2012)

    Google Scholar 

  9. IDC, Smartphone Momentum Still Evident with Shipments Expected to Reach 1.2 Billion in 2014 and Growing 23.1% Over (2013), http://www.idc.com/getdoc.jsp?containerId=prUS24857114

  10. Juice Jacking Vulnerability for iOS, https://www.infotransec.com/news/juice-jacking-vulnerability-ios

  11. Lau, B., Jang, Y., Song, C.: Mactans: Injecting malware into iOS devices via malicious chargers. Blackhat, USA (2013)

    Google Scholar 

  12. Li, L., Zhao, X., Xue, G.: Unobservable Re-authentication for Smartphones. In: Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS), pp. 1–16 (2013)

    Google Scholar 

  13. Li, W., Meng, W.: An empirical study on email classification using supervised machine learning in real environments. In: Proceddings of the 2015 IEEE International Conference on Communications (ICC), pp. 7438–7443. IEEE (2015)

    Google Scholar 

  14. Lin, C.-C., Li, H., Zhou, X., Wang, X.: Screenmilker: how to milk your android screen for secrets. In: Proceedings of Annual Network and Distributed System Security Symposium (NDSS), pp. 1–10 (2014)

    Google Scholar 

  15. Marquardt, P., Verma, A., Carter, H., Traynor, P.: (sp)iPhone: decoding vibrations from nearby keyboards using mobile phone accelerometers. In: Proceedings of ACM Conference on Computer and Communications Security (CCS), pp. 551–562. ACM, New York (2011)

    Google Scholar 

  16. Meng, Y., Wong, D.S., Schlegel, R., Kwok, L.: Touch gestures based biometric authentication scheme for touchscreen mobile phones. In: Kutyłowski, M., Yung, M. (eds.) Inscrypt 2012. LNCS, vol. 7763, pp. 331–350. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38519-3_21

    Chapter  Google Scholar 

  17. Meng, Y., Li, W., Kwok, L.-F.: Enhancing click-draw based graphical passwords using multi-touch on mobile phones. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds.) SEC 2013. IAICT, vol. 405, pp. 55–68. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39218-4_5

    Chapter  Google Scholar 

  18. Meng, W., Li, W., Kwok, L.F.: EFM: enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism. Comput. Secur. 43, 189–204 (2014)

    Article  Google Scholar 

  19. Meng, W., Wong, D.S., Furnell, S., Zhou, J.: Surveying the development of biometric user authentication on mobile phones. IEEE Commun. Surv. Tutorials 17, 1268–1293 (2015)

    Article  Google Scholar 

  20. Meng, W., Lee, W.H., Murali, S.R., Krishnan, S.P.T.: Charging me and i know your secrets! towards juice filming attacks on smartphones. In: Proceedings of the Cyber-Physical System Security Workshop (CPSS), in Conjunction with AsiaCCS 2015. ACM (2015)

    Google Scholar 

  21. Meng, W., Lee, W.H., Murali, S.R., Krishnan, S.P.T.: JuiceCaster: towards automatic juice filming attacks on smartphones. J. Netw. Comput. Appl. 68, 201–212 (2016)

    Article  Google Scholar 

  22. Miluzzo, E., Varshavsky, A., Balakrishnan, S., Choudhury, R.R.: TapPrints: your finger taps have fingerprints. In: Proceedings of MobiSys, New York, NY, USA , pp. 323–336 (2012)

    Google Scholar 

  23. Owusu, E., Han, J., Das, S., Perrig, A., Zhang, J.: ACCessory: password inference using accelerometers on smartphones. In: Proceedings of the 12th Workshop on Mobile Computing Systems & Applications (HotMobile), pp. 1–6. ACM, New York (2012)

    Google Scholar 

  24. Ossmann, M., Osborn, K.: Multiplexed Wired Attack Surfaces. Black Hat USA (2013), https://media.blackhat.com/us-13/US-13-Ossmann-Multiplexed-Wired-Attack-Surfaces-WP.pdf

  25. Peng, S., Yu, S., Yang, A.: Smartphone malware and its propagation modeling: a survey. IEEE Commun. Surv. Tutorials 16(2), 925–941 (2014)

    Article  Google Scholar 

  26. Raguram, R., White, A.M., Goswami, D., Monrose, F., Frahm, J.-M.: iSpy: automatic reconstruction of typed input from compromising reflections. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), pp. 527–536, ACM, New York (2011)

    Google Scholar 

  27. Sae-Bae, N., Memon, N., Isbister, K., Ahmed, K.: Multitouch gesture-based authentication. IEEE Trans. Inf. Forensics Secur. 9(4), 568–582 (2014)

    Article  Google Scholar 

  28. Schlegel, R., Zhang, K., Zhou, X., Intwala, M., Kapadia, A., Wang, X.: Soundcomber: a stealthy and context-aware sound Trojan for smartphones. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, pp. 17–33 (2011)

    Google Scholar 

  29. Spolaor, R., Abudahi, L., Moonsamy, V., Conti, M., Poovendran, R.: No free charge theorem: a covert channel viaUSB charging cable on mobile devices. In: Proceedings of the 15th International Conference on Applied Cryptography and Network Security (ACNS), pp. 84–102 (2017)

    Google Scholar 

  30. Singapore Power to provide 200 free mobile phone charging stations for SG50 (2015), http://www.straitstimes.com/singapore/singapore-power-to-provide-200-free-mobile-phone-charging-stations-for-sg50

  31. The Original USB Condom, http://int3.cc/products/usbcondoms

  32. Xing, L., Pan, X., Wang, R., Yuan, K., Wang, X.: Upgrading your android, elevating my malware: privilege escalation through mobile OS updating. In: Proceedings of the 2014 IEEE Symposium on Security and Privacy, Berkeley, CA, USA, pp. 393–408 (2014)

    Google Scholar 

  33. Zhang, Y., Xia, P., Luo, J., Ling, Z., Liu, B., Fu, X.: Fingerprint attack against touch-enabled devices. In: Proceedings of the 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), pp. 57–68. ACM, New York (2012)

    Google Scholar 

Download references

Acknowledgments

We would like to thank all anonymous reviewers for their helpful comments in improving the paper. This work was partially supported by National Natural Science Foundation of China (61602396).

Author information

Authors and Affiliations

  1. Department of Applied Mathematics and Computer Science, Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng & Wenjuan Li

  2. Department of Computer Science, City University of Hong Kong, Hong Kong, China

    Fei Fei & Wenjuan Li

  3. Department of Computing, The Hong Kong Polytechnic University, Hong Kong, China

    Man Ho Au

Authors
  1. Weizhi Meng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fei Fei
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wenjuan Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Man Ho Au
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Weizhi Meng .

Editor information

Editors and Affiliations

  1. Inria, Tokyo, Japan

    Phong Q. Nguyen

  2. Singapore University of Technology and Design, Singapore, Singapore

    Jianying Zhou

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Meng, W., Fei, F., Li, W., Au, M.H. (2017). Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks. In: Nguyen, P., Zhou, J. (eds) Information Security. ISC 2017. Lecture Notes in Computer Science(), vol 10599. Springer, Cham. https://doi.org/10.1007/978-3-319-69659-1_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69659-1_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69658-4

  • Online ISBN: 978-3-319-69659-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation