SonarSnoop: active acoustic side-channel attacks

Peng Cheng; Ibrahim Ethem Bagci; Utz Roedig; Jeff Yan

doi:10.1007/s10207-019-00449-8

SonarSnoop: active acoustic side-channel attacks

Peng Cheng
, Ibrahim Ethem Bagci
, Utz Roedig
, Jeff Yan

School of Computer Science and Information Technology

Research output: Contribution to journal › Article › peer-review

Abstract

We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals, and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim’s finger movements can be inferred to steal Android unlock patterns. In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 phone can be reduced by up to 70% using this novel acoustic side-channel. The attack is entirely unnoticeable to victims. Our approach can be easily applied to other application scenarios and device types. Overall, our work highlights a new family of security threats.

Original language	English
Pages (from-to)	213-228
Number of pages	16
Journal	International Journal of Information Security
Volume	19
Issue number	2
DOIs	https://doi.org/10.1007/s10207-019-00449-8
Publication status	Published - 1 Apr 2020

Keywords

Acoustic system
Active sonar
Mobile device
Side-channel attack

Access to Document

10.1007/s10207-019-00449-8

https://hdl.handle.net/10468/8524Licence: CC BY

Cite this

@article{2af6f374b40c46308d150ef268d7df05,

title = "SonarSnoop: active acoustic side-channel attacks",

abstract = "We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals, and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim{\textquoteright}s finger movements can be inferred to steal Android unlock patterns. In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 phone can be reduced by up to 70\% using this novel acoustic side-channel. The attack is entirely unnoticeable to victims. Our approach can be easily applied to other application scenarios and device types. Overall, our work highlights a new family of security threats.",

keywords = "Acoustic system, Active sonar, Mobile device, Side-channel attack",

author = "Peng Cheng and Bagci, \{Ibrahim Ethem\} and Utz Roedig and Jeff Yan",

note = "Publisher Copyright: {\textcopyright} 2019, The Author(s).",

year = "2020",

month = apr,

day = "1",

doi = "10.1007/s10207-019-00449-8",

language = "English",

volume = "19",

pages = "213--228",

journal = "International Journal of Information Security",

issn = "1615-5262",

publisher = "Springer Verlag",

number = "2",

}

TY - JOUR

T1 - SonarSnoop

T2 - active acoustic side-channel attacks

AU - Cheng, Peng

AU - Bagci, Ibrahim Ethem

AU - Roedig, Utz

AU - Yan, Jeff

PY - 2020/4/1

Y1 - 2020/4/1

N2 - We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals, and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim’s finger movements can be inferred to steal Android unlock patterns. In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 phone can be reduced by up to 70% using this novel acoustic side-channel. The attack is entirely unnoticeable to victims. Our approach can be easily applied to other application scenarios and device types. Overall, our work highlights a new family of security threats.

AB - We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals, and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim’s finger movements can be inferred to steal Android unlock patterns. In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 phone can be reduced by up to 70% using this novel acoustic side-channel. The attack is entirely unnoticeable to victims. Our approach can be easily applied to other application scenarios and device types. Overall, our work highlights a new family of security threats.

KW - Acoustic system

KW - Active sonar

KW - Mobile device

KW - Side-channel attack

UR - https://www.scopus.com/pages/publications/85068877981

U2 - 10.1007/s10207-019-00449-8

DO - 10.1007/s10207-019-00449-8

M3 - Article

AN - SCOPUS:85068877981

SN - 1615-5262

VL - 19

SP - 213

EP - 228

JO - International Journal of Information Security

JF - International Journal of Information Security

IS - 2

ER -

SonarSnoop: active acoustic side-channel attacks

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this