Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks

Weizhi Meng; Fei Fei; Wenjuan Li; Man Ho Au

doi:10.1007/978-3-319-69659-1_16

Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks

Weizhi Meng, Fei Fei, Wenjuan Li, Man Ho Au

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

20 Citations (Scopus)

Abstract

The increasingly high demand for smartphone charging in people’s daily lives has apparently encouraged much more public charging stations to be deployed in various places (e.g., shopping malls, airports). However, these public charging facilities may open a hole for cyber-criminals to infer private information and data from smartphone users. Juice filming charging (JFC) attack is a particular type of charging attacks, which is capable of stealing users’ sensitive information from both Android OS and iOS devices, through automatically monitoring and recording phone screen during the whole charging period. The rationale is that phone screen can be leaked through a standard micro USB connector, which adopts the Mobile High-Definition Link (MHL) standard. In practice, we identify that how to efficiently extract information from the captured videos remains a challenge for current JFC attack. To further investigate its practical influence, in this work, we focus on enhancing its performance in the aspects of extracting texts from images and correlating information, and then conducting a user study in a practical scenario. The obtained results demonstrate that our enhanced JFC attack can outperform the original one in collecting users’ information at large and extracting sensitive data with a higher accuracy. Our work aims to complement existing results and stimulate more efforts in defending smartphones against charging threats.

Original language	English
Title of host publication	Information Security - 20th International Conference, ISC 2017, Proceedings
Editors	Phong Q. Nguyen, Phong Q. Nguyen, Jianying Zhou
Publisher	Springer Verlag
Pages	291-308
Number of pages	18
ISBN (Print)	9783319696584
DOIs	https://doi.org/10.1007/978-3-319-69659-1_16
Publication status	Published - 2017
Event	20th International Conference on Information Security, ISC 2017 - Ho Chi Minh City, Viet Nam Duration: 22 Nov 2017 → 24 Nov 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10599 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	20th International Conference on Information Security, ISC 2017
Country/Territory	Viet Nam
City	Ho Chi Minh City
Period	22/11/17 → 24/11/17

Keywords

Android and iOS
Charging threat
Juice filming charging attack
Mobile privacy and security
OCR technology

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

More information

10.1007/978-3-319-69659-1_16

Cite this

Meng, W., Fei, F., Li, W., & Au, M. H. (2017). Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks. In P. Q. Nguyen, P. Q. Nguyen, & J. Zhou (Eds.), Information Security - 20th International Conference, ISC 2017, Proceedings (pp. 291-308). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10599 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-69659-1_16

Meng, Weizhi ; Fei, Fei ; Li, Wenjuan et al. / Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks. Information Security - 20th International Conference, ISC 2017, Proceedings. editor / Phong Q. Nguyen ; Phong Q. Nguyen ; Jianying Zhou. Springer Verlag, 2017. pp. 291-308 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{807a50cd6280468d84c2662569458637,

title = "Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks",

abstract = "The increasingly high demand for smartphone charging in people{\textquoteright}s daily lives has apparently encouraged much more public charging stations to be deployed in various places (e.g., shopping malls, airports). However, these public charging facilities may open a hole for cyber-criminals to infer private information and data from smartphone users. Juice filming charging (JFC) attack is a particular type of charging attacks, which is capable of stealing users{\textquoteright} sensitive information from both Android OS and iOS devices, through automatically monitoring and recording phone screen during the whole charging period. The rationale is that phone screen can be leaked through a standard micro USB connector, which adopts the Mobile High-Definition Link (MHL) standard. In practice, we identify that how to efficiently extract information from the captured videos remains a challenge for current JFC attack. To further investigate its practical influence, in this work, we focus on enhancing its performance in the aspects of extracting texts from images and correlating information, and then conducting a user study in a practical scenario. The obtained results demonstrate that our enhanced JFC attack can outperform the original one in collecting users{\textquoteright} information at large and extracting sensitive data with a higher accuracy. Our work aims to complement existing results and stimulate more efforts in defending smartphones against charging threats.",

keywords = "Android and iOS, Charging threat, Juice filming charging attack, Mobile privacy and security, OCR technology",

author = "Weizhi Meng and Fei Fei and Wenjuan Li and Au, {Man Ho}",

note = "Funding Information: Acknowledgments. We would like to thank all anonymous reviewers for their helpful comments in improving the paper. This work was partially supported by National Natural Science Foundation of China (61602396). Publisher Copyright: {\textcopyright} 2017, Springer International Publishing AG.; 20th International Conference on Information Security, ISC 2017 ; Conference date: 22-11-2017 Through 24-11-2017",

year = "2017",

doi = "10.1007/978-3-319-69659-1_16",

language = "English",

isbn = "9783319696584",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "291--308",

editor = "Nguyen, {Phong Q.} and Nguyen, {Phong Q.} and Jianying Zhou",

booktitle = "Information Security - 20th International Conference, ISC 2017, Proceedings",

address = "Germany",

}

Meng, W, Fei, F, Li, W & Au, MH 2017, Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks. in PQ Nguyen, PQ Nguyen & J Zhou (eds), Information Security - 20th International Conference, ISC 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10599 LNCS, Springer Verlag, pp. 291-308, 20th International Conference on Information Security, ISC 2017, Ho Chi Minh City, Viet Nam, 22/11/17. https://doi.org/10.1007/978-3-319-69659-1_16

Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks. / Meng, Weizhi; Fei, Fei; Li, Wenjuan et al.
Information Security - 20th International Conference, ISC 2017, Proceedings. ed. / Phong Q. Nguyen; Phong Q. Nguyen; Jianying Zhou. Springer Verlag, 2017. p. 291-308 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10599 LNCS).

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks

AU - Meng, Weizhi

AU - Fei, Fei

AU - Li, Wenjuan

AU - Au, Man Ho

N1 - Funding Information: Acknowledgments. We would like to thank all anonymous reviewers for their helpful comments in improving the paper. This work was partially supported by National Natural Science Foundation of China (61602396). Publisher Copyright: © 2017, Springer International Publishing AG.

PY - 2017

Y1 - 2017

N2 - The increasingly high demand for smartphone charging in people’s daily lives has apparently encouraged much more public charging stations to be deployed in various places (e.g., shopping malls, airports). However, these public charging facilities may open a hole for cyber-criminals to infer private information and data from smartphone users. Juice filming charging (JFC) attack is a particular type of charging attacks, which is capable of stealing users’ sensitive information from both Android OS and iOS devices, through automatically monitoring and recording phone screen during the whole charging period. The rationale is that phone screen can be leaked through a standard micro USB connector, which adopts the Mobile High-Definition Link (MHL) standard. In practice, we identify that how to efficiently extract information from the captured videos remains a challenge for current JFC attack. To further investigate its practical influence, in this work, we focus on enhancing its performance in the aspects of extracting texts from images and correlating information, and then conducting a user study in a practical scenario. The obtained results demonstrate that our enhanced JFC attack can outperform the original one in collecting users’ information at large and extracting sensitive data with a higher accuracy. Our work aims to complement existing results and stimulate more efforts in defending smartphones against charging threats.

AB - The increasingly high demand for smartphone charging in people’s daily lives has apparently encouraged much more public charging stations to be deployed in various places (e.g., shopping malls, airports). However, these public charging facilities may open a hole for cyber-criminals to infer private information and data from smartphone users. Juice filming charging (JFC) attack is a particular type of charging attacks, which is capable of stealing users’ sensitive information from both Android OS and iOS devices, through automatically monitoring and recording phone screen during the whole charging period. The rationale is that phone screen can be leaked through a standard micro USB connector, which adopts the Mobile High-Definition Link (MHL) standard. In practice, we identify that how to efficiently extract information from the captured videos remains a challenge for current JFC attack. To further investigate its practical influence, in this work, we focus on enhancing its performance in the aspects of extracting texts from images and correlating information, and then conducting a user study in a practical scenario. The obtained results demonstrate that our enhanced JFC attack can outperform the original one in collecting users’ information at large and extracting sensitive data with a higher accuracy. Our work aims to complement existing results and stimulate more efforts in defending smartphones against charging threats.

KW - Android and iOS

KW - Charging threat

KW - Juice filming charging attack

KW - Mobile privacy and security

KW - OCR technology

UR - http://www.scopus.com/inward/record.url?scp=85035148802&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-69659-1_16

DO - 10.1007/978-3-319-69659-1_16

M3 - Conference article published in proceeding or book

AN - SCOPUS:85035148802

SN - 9783319696584

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 291

EP - 308

BT - Information Security - 20th International Conference, ISC 2017, Proceedings

A2 - Nguyen, Phong Q.

A2 - Zhou, Jianying

PB - Springer Verlag

T2 - 20th International Conference on Information Security, ISC 2017

Y2 - 22 November 2017 through 24 November 2017

ER -

Meng W, Fei F, Li W, Au MH. Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks. In Nguyen PQ, Nguyen PQ, Zhou J, editors, Information Security - 20th International Conference, ISC 2017, Proceedings. Springer Verlag. 2017. p. 291-308. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-69659-1_16

Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this