Final published version
Licence: CC BY: Creative Commons Attribution 4.0 International License
Research output: Contribution to Journal/Magazine › Journal article › peer-review
Research output: Contribution to Journal/Magazine › Journal article › peer-review
}
TY - JOUR
T1 - SonarSnoop
T2 - active acoustic side-channel attacks
AU - Cheng, Peng
AU - Bagci, Ibrahim
AU - Roedig, Utz
AU - Yan, Jeff
PY - 2020/3/1
Y1 - 2020/3/1
N2 - We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals, and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim’s finger movements can be inferred to steal Android unlock patterns. In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 phone can be reduced by up to 70% using this novel acoustic side channel. The attack is entirely unnoticeable to victims. Our approach can be easily applied to other application scenarios and device types. Overall, our work highlights a new family of security threats.
AB - We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals, and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim’s finger movements can be inferred to steal Android unlock patterns. In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 phone can be reduced by up to 70% using this novel acoustic side channel. The attack is entirely unnoticeable to victims. Our approach can be easily applied to other application scenarios and device types. Overall, our work highlights a new family of security threats.
KW - side-channel attack
KW - acoustic system
KW - active sonar
KW - mobile device
U2 - 10.1007/s10207-019-00449-8
DO - 10.1007/s10207-019-00449-8
M3 - Journal article
VL - 19
SP - 213
EP - 228
JO - International Journal of Information Security
JF - International Journal of Information Security
SN - 1615-5262
ER -