TY - GEN
T1 - That phone charging hub knows your video playlist!
AU - Acharya, Sraddhanjali
AU - Serwadda, Abdul
AU - Bilbao, Argenis V.
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - The rapid growth of smartphone usage has sparked a proliferation of public phone-charging hubs to cater to peoples' growing charging needs. By virtue of being located in public spaces, however, these hubs have the potential to be manipulated by malicious actors who seek to use them as a vehicle to launch cyberattacks against the users of these hubs. In this paper, we show that if such a public charging hub is rigged with a power measurement circuitry, the power measurements could enable the inference of videos watched by the user on the phone. Using a playlist of 100 YouTube music videos, we show this kind of attack to classify the videos with an accuracy of up to 94.49%. We rigorously examine the dynamics of the attack using 5 different phone models, 16 screen brightness and volume configurations, and various training configurations and show it to be highly effective under a wide range of settings. Depending on the content of such videos, the profile of the target, and the attacker's aims (e.g., government vs. private hacker), we argue that such an attack could have far-reaching privacy implications. The paper adds to the body of work highlighting power side-channels on computing devices as a potent threat to user privacy.
AB - The rapid growth of smartphone usage has sparked a proliferation of public phone-charging hubs to cater to peoples' growing charging needs. By virtue of being located in public spaces, however, these hubs have the potential to be manipulated by malicious actors who seek to use them as a vehicle to launch cyberattacks against the users of these hubs. In this paper, we show that if such a public charging hub is rigged with a power measurement circuitry, the power measurements could enable the inference of videos watched by the user on the phone. Using a playlist of 100 YouTube music videos, we show this kind of attack to classify the videos with an accuracy of up to 94.49%. We rigorously examine the dynamics of the attack using 5 different phone models, 16 screen brightness and volume configurations, and various training configurations and show it to be highly effective under a wide range of settings. Depending on the content of such videos, the profile of the target, and the attacker's aims (e.g., government vs. private hacker), we argue that such an attack could have far-reaching privacy implications. The paper adds to the body of work highlighting power side-channels on computing devices as a potent threat to user privacy.
KW - Machine Learning
KW - Mobile Security
KW - Power side channel attack
KW - Security and privacy
KW - Side channel analysis
KW - Video Inference
UR - http://www.scopus.com/inward/record.url?scp=85123287539&partnerID=8YFLogxK
U2 - 10.1109/SWC50871.2021.00031
DO - 10.1109/SWC50871.2021.00031
M3 - Conference contribution
AN - SCOPUS:85123287539
T3 - Proceedings - 2021 IEEE SmartWorld, Ubiquitous Intelligence and Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Internet of People, and Smart City Innovations, SmartWorld/ScalCom/UIC/ATC/IoP/SCI 2021
SP - 160
EP - 169
BT - Proceedings - 2021 IEEE SmartWorld, Ubiquitous Intelligence and Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Internet of People, and Smart City Innovations, SmartWorld/ScalCom/UIC/ATC/IoP/SCI 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 18 October 2021 through 21 October 2021
ER -