Abstract
Today, there is an increasing number of smartphones supporting wireless charging that leverages electromagnetic induction to transmit power from a wireless charger to the charging smartphone. In this paper, we report a new contactless and context-aware wireless-charging side-channel attack, which captures two physical phenomena (i.e., the coil whine and the magnetic field perturbation) generated during this wireless charging process and further infers the user interactions on the charging smartphone. We design and implement a three-stage attack framework, dubbed WISERS, to demonstrate the practicality of this new side channel. WISERS first captures the coil whine and the magnetic field perturbation emitted by the wireless charger, then infers (i) inter-interface switches (e.g., switching from the home screen to an app interface) and (ii) intra-interface activities (e.g., keyboard inputs inside an app) to build user interaction contexts, and further reveals sensitive information. We extensively evaluate the effectiveness of WISERS with popular smartphones and commercial-off-the-shelf (COTS) wireless chargers. Our evaluation results suggest that WISERS can achieve over 90.4% accuracy in inferring sensitive information, such as screen-unlocking passcode and app launch. In addition, our study also shows that WISERS is resilient to a list of impact factors.
Original language | English |
---|---|
Title of host publication | Proceedings of the IEEE Symposium on Security and Privacy (S&P) |
Publisher | IEEE |
Pages | 3399-3415 |
ISBN (Electronic) | 10.1109/SP46215.2023.00105 |
DOIs | |
Publication status | Published - May 2023 |
Event | 44th IEEE Symposium on Security and Privacy (S&P) - , United States Duration: 22 May 2023 → 25 May 2023 |
Conference
Conference | 44th IEEE Symposium on Security and Privacy (S&P) |
---|---|
Country/Territory | United States |
Period | 22/05/23 → 25/05/23 |