TY - GEN
T1 - Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks
AU - Meng, Weizhi
AU - Fei, Fei
AU - Li, Wenjuan
AU - Au, Man Ho
N1 - Funding Information:
Acknowledgments. We would like to thank all anonymous reviewers for their helpful comments in improving the paper. This work was partially supported by National Natural Science Foundation of China (61602396).
Publisher Copyright:
© 2017, Springer International Publishing AG.
PY - 2017
Y1 - 2017
N2 - The increasingly high demand for smartphone charging in people’s daily lives has apparently encouraged much more public charging stations to be deployed in various places (e.g., shopping malls, airports). However, these public charging facilities may open a hole for cyber-criminals to infer private information and data from smartphone users. Juice filming charging (JFC) attack is a particular type of charging attacks, which is capable of stealing users’ sensitive information from both Android OS and iOS devices, through automatically monitoring and recording phone screen during the whole charging period. The rationale is that phone screen can be leaked through a standard micro USB connector, which adopts the Mobile High-Definition Link (MHL) standard. In practice, we identify that how to efficiently extract information from the captured videos remains a challenge for current JFC attack. To further investigate its practical influence, in this work, we focus on enhancing its performance in the aspects of extracting texts from images and correlating information, and then conducting a user study in a practical scenario. The obtained results demonstrate that our enhanced JFC attack can outperform the original one in collecting users’ information at large and extracting sensitive data with a higher accuracy. Our work aims to complement existing results and stimulate more efforts in defending smartphones against charging threats.
AB - The increasingly high demand for smartphone charging in people’s daily lives has apparently encouraged much more public charging stations to be deployed in various places (e.g., shopping malls, airports). However, these public charging facilities may open a hole for cyber-criminals to infer private information and data from smartphone users. Juice filming charging (JFC) attack is a particular type of charging attacks, which is capable of stealing users’ sensitive information from both Android OS and iOS devices, through automatically monitoring and recording phone screen during the whole charging period. The rationale is that phone screen can be leaked through a standard micro USB connector, which adopts the Mobile High-Definition Link (MHL) standard. In practice, we identify that how to efficiently extract information from the captured videos remains a challenge for current JFC attack. To further investigate its practical influence, in this work, we focus on enhancing its performance in the aspects of extracting texts from images and correlating information, and then conducting a user study in a practical scenario. The obtained results demonstrate that our enhanced JFC attack can outperform the original one in collecting users’ information at large and extracting sensitive data with a higher accuracy. Our work aims to complement existing results and stimulate more efforts in defending smartphones against charging threats.
KW - Android and iOS
KW - Charging threat
KW - Juice filming charging attack
KW - Mobile privacy and security
KW - OCR technology
UR - http://www.scopus.com/inward/record.url?scp=85035148802&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-69659-1_16
DO - 10.1007/978-3-319-69659-1_16
M3 - Conference article published in proceeding or book
AN - SCOPUS:85035148802
SN - 9783319696584
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 291
EP - 308
BT - Information Security - 20th International Conference, ISC 2017, Proceedings
A2 - Nguyen, Phong Q.
A2 - Nguyen, Phong Q.
A2 - Zhou, Jianying
PB - Springer Verlag
T2 - 20th International Conference on Information Security, ISC 2017
Y2 - 22 November 2017 through 24 November 2017
ER -