How to Phone Home with Someone Else’s Phone

Slides:

Advertisements

Similar presentations

More Accurate Bus Prediction Allows Passengers to find alternate forms of transportation Do this with energy efficiency in mind Dont use any high level.

Advertisements

Aaron Burg Azeem Meruani Michael Wickmann Robert Sandheinrich

NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.

Slide Ruler. ? X 5" On today’s menu...  What happened with Gravity  Noise  The tool today  Fundamental Limitations  Magical Christmas Land  (Where.

Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.

Roman Schlegel City University of Hong Kong Kehuan Zhang Xiaoyong Zhou Mehool Intwala Apu Kapadia XiaoFeng Wang Indiana University Bloomington NDSS SYMPOSIUM.

GRS: The Green, Reliability, and Security of Emerging Machine to Machine Communications Rongxing Lu, Xu Li, Xiaohui Liang, Xuemin (Sherman) Shen, and Xiaodong.

VoIP alarm monitoring. Traditional alarm systems Motion sensor Smoke detector Camera Premise Controll Unit Fire station Security service Central station.

A practical DSP solution for mobile phone stereo sound recording.

Single-stroke Language-Agnostic Keylogging using Stereo-Microphones and Domain Specific Machine Learning Sashank Narain Amirali Sanatinia Guevara.

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Authors: Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin.

Ryan Roberts Gyroscopes.

1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.

FLIGHT: Clock Calibration Using Fluorescent Lighting Zhenjiang Li, Wenwei Chen, Cheng Li, Mo Li, Xiang-Yang Li, Yunhao Liu Nanyang Technological University,

Peter Parnes, PhD Luleå University of Technology Media Technology April , Luleå teknik medie Human Communication.

P08006: Physical Therapy Motion Tracking System Sponsor: National Science Foundation Customer: Nazareth Physical Therapy Clinic Josemaria Mora Electrical.

Ultra-Low Power Gesture Recognition System Bryce Kellogg, Vamsi Talla, Shyam Gollakota.

Wireless Sensor Networks Smart Environments: Technologies, Protocols, and Applications ed. D.J. Cook and S.K. Das, John Wiley, New York, B.Devi

Haptic: Image: Audio: Text: Landmark: YesNo YesNo YesNo YesNo YesNo Haptic technology, or haptics, is a tactile feedback technology that takes advantage.

SIDE CHANNEL ATTACKS Presented by: Vishwanath Patil Abhay Jalisatgi.

Using Motion Detection, Alerts and Alarms

Graphic Equalizer Table By Jose Lerma. Main Idea The main idea of this table is to display the frequencies of any sound or audio input, either by microphone.

Physical Contact in Ad-Hoc Wireless Network Nie Pin

SoundSense: Scalable Sound Sensing for People-Centric Application on Mobile Phones Hon Lu, Wei Pan, Nocholas D. lane, Tanzeem Choudhury and Andrew T. Campbell.

Ambulation : a tool for monitoring mobility over time using mobile phones Computational Science and Engineering, CSE '09. International Conference.

Inferno : Side-channel Attacks for Mobile Web Browsers Manuel Philipose, Matthew Halpern, Pavel Lifshits, Mark Silberstein, Mohit Tiwari Background and.

多媒體網路安全實驗室 An Efficient RFID Authentication Protocol for Low-cost Tags Date ： Reporter : Hong Ji Wei Authors : Yanfei Liu From : 2008 IEEE/IFIP.

Video Production for Education & Training Bill Duff, Jr. Copyright 1999 College of Human Resources & Education West Virginia University.

MARS: A Muscle Activity Recognition System Enabling Self-conﬁguring Musculoskeletal Sensor Networks IPSN 2013 NSLab study group 2013/06/17 Presented by:

TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion Liang Cai and Hao Chen UC Davis.

Leave Me Alone: App-level Protection Against

THE HUMAN BODY AS TOUCH SCREEN

OWASP AppSec Israel, 13/Oct/2015 Yossi Oren, Ben Gurion University Joint work with Vasileios P. Kemerlis,

Turning a Mobile Device into a Mouse in the Air

Sensors For Mobile Phones  Ambient Light Sensor  Proximity Sensor  GPS Receiver Sensor  Gyroscope Sensor  Barometer Sensor  Accelerometer Sensor.

Contents: 1. Introduction 2. Gyroscope specifications 3. Drift rate compensation 4. Orientation error correction 5. Results 6. Gyroscope and odometers.

The Intelliglove Ryan DeFord Fred Grandlienard Kevin Mohr Andrew Gregor.

Wireless vs. Wired EEG Application 6137-Algorithms in Network Theory 2013.

Android and IOS Permissions Why are they here and what do they want from me?

Fire Fighting Robotic Vehicle. Introduction:  It is designed to develop a fire fighting robot using RF technology for remote.

Wireless Sensor Network: A Promising Approach for Distributed Sensing Tasks.

The Equations of Motion Euler angle rate equations:

Smartphone sensors Gyroscope: The gyroscope is a sensor that can provide orientation information with great precision. Magnetometer: It is able to detect.

Mobile phone sensors. Sensors Sensors gyroscope The gyroscope is a sensor that can provide orientation information as well. This sensor can tell how.

COMPSCI 720 Security for Smart-devices Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses [1] Harry Jackson hjac660 [1] Das, Anupam,

Teng Wei and Xinyu Zhang

When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals Warren Yeu When CSI Meets Public Wifi.

Jamming for good: a fresh approach to authentic communication in WSNs

Markus Miettinen N. Asokan Thien Duc Nguyen

MART: Music Assisted Running Trainer

A robust and anonymous patient monitoring system using wireless medical sensor networks Source: Future Generation Computer Systems, Available online 8.

Modeling a Novel MEMS Gyroscope

Outline Introduction Characteristics of intrusion detection systems

Introduction What is a transducer? A device which converts energy in one form to another. Transducer Active Passive Generates its own electrical voltage.

Cochlear Implants.

Mobile Handset Sensors

The security and vulnerabilities of IoT devices

ASHIKA S ROLL NO: 20.

MULTIMEDIA OVER WIRELESS BROADBAND NETWORKS

PRESENTED BY: CH.MOUNICA B.KEERTHANA SKINPUT. PRESENTED BY: CH.MOUNICA B.KEERTHANA SKINPUT.

William Claycomb and Dongwan Shin

LATERALLY-DRIVEN DEFORMATION-ROBUST MEMS GYROSCOPES

12/25/2018 5:11 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Anindya Maiti, Murtuza Jadliwala, Jibo He Igor Bilogrevic

Android Topics Sensors Accelerometer and the Coordinate System

Protect Consumer Privacy from Load Monitoring

Obstacle Detection.

Skinput Technology by Gaurav Aswani.

Raveen Wijewickrama Anindya Maiti Murtuza Jadliwala

Presented by Andrea David

Presentation transcript:

How to Phone Home with Someone Else’s Phone Information Exfiltration Using Intentional Sound Noise on Gyroscopic Sensors Benyamin Farshteindiker Nir Hassidim Asaf Grosz Yossi Oren

Poster Session on Thursday Come and watch a live attack on Thursday at 18:30.

Outline Introduction Gyroscopes On Personal Devices The Attack Results Countermeasures Conclusions

Implant Architecture Secret Collection – Microphone, camera, side-channel probe. Secret Exfiltration – RF backscatter, acoustical coupling, this work. Power Supply – Passive power, battery.

Gyroscopes On Personal Devices MEMS gyroscopes sense the angular rate of rotation. https://www.maximintegrated.com

Outline Introduction Gyroscopes On Personal Devices The Attack Results Countermeasures Conclusions

The Attack – Attack model Base assumptions: The adversary manages to place the implant near the victim’s mobile device. The implant has some secret it wishes to exfiltrate. The attacker has the ability to make the victim’s mobile device display a website or run some unprivileged application.

The Attack – Evaluation Setup

The Attack – PRBS example

The Attack – Advantages Advantages of our exfiltration scheme over traditional methods: Gyro access requires zero permissions or notifications Sensitivity of the sensor

Outline Introduction Gyroscopes On Personal Devices The Attack Results Countermeasures Conclusions

Results – Error rate Increasing amount of samples per data bit improve the results. Audio signal can’t be heard by the human ear or detected as motion. Consumes less than 10 microwatt of power.

Results – Activity profiles Samsung S5 results tested on different user activities running a native application.

Results – Capacity and power bounds Theoretical capacity of the channel is 1 Kbps with 60 Hz sampling rate. Can grow over 4 Kbps when increasing the sampling rate.

Outline Introduction Gyroscopes On Personal Devices The Attack Results Countermeasures Conclusions

Countermeasures Require permission to the gyroscope. Lower the sampling rate. Physical modification. Sensor fusion.

Conclusions Low cost implants No exposure risk Undetectable bugs Allow monitoring many implants simultaneously

Conclusions – Two factor authentication https://www.comda.co.il

Benyamin Farshteindiker Questions? Benyamin Farshteindiker farshben@post.bgu.ac.il https://iss.oy.ne.ro/PhoneHome * Don’t forget to come to our poster session on Thursday.