Power usage, motion sensor and neural side-channels on mobile devices: Examining attacks and countermeasures

The usage of mobile and wearable devices has grown rapidly over the past few years. With this growth have come several changes to how we interact with computing devices. For example, in the past we used to work on desktops within the physical confines of our homes/offices. With computation going largely mobile, we now perform many of these tasks in public. The second major change that the mobile revolution had brought about pertains to the large array of sensors built into these devices. A user interacting with mobile devices these days has sensors measuring almost every aspect of life, including variables such as movements (both microscopic ones such as phone orientation during web browsing – and macroscopic ones such as number of steps made during walking), location (via GPS), speech, and biological markers such as temperature, blood pressure, etc.

These two mobile-induced changes give rise to a number of privacy threats that previously did not exist. While the gamut of sensors poses questions on whether our private information could be sensed and misused, the overly public execution of computing tasks raises questions of whether eavesdropping on our private data might more easily occur. A number of previous studies have examined some of these threats albeit leaving behind a number of unanswered questions. In this dissertation, we investigate a wide range of side-channel attacks in the mobile and wearable devices eco-systems. We specifically study the exploitation of motion sensor, power usage and neural side-channels to reliably leak users' personal information. First, we investigate how a malicious app that has been denied access to multimedia content could stealthily learn a user’s personal listening habits via the motion sensor side-channel. Taking the case of music played on the phone, we design an attack which leverages the accelerometer patterns exhibited during music playback to infer the songs being played by the user. Secondly, we explore how power consumption of mobile devices while charging on public stations could be leveraged to surreptitiously infer sensitive user activities. We look at how a malicious entity can embed illicit power meters in a public charging station and launch three kinds of power side-channel attacks (i.e., the website inference, keystroke inference, and incoming call detection attacks) aimed at inferring web browsing, typing and incoming call patterns. The attacks use machine learning to identify unique patterns hidden in the measured current draw and infer information about a user's activity.

In the wearables space, we study the problem of leakage of information about privacy-sensitive medical conditions from Brain Computer Interface (BCI) applications using brain waves as an input. Taking the case of two EEG-based authentication systems built based on publicly accessible datasets, we show that attacker could potentially divulge more of the users' sensitive personal information (in particular, substance disorder abuse) than that regarding the intended authentication functionality. Last but not least, we delve into details of the aforementioned attacks and characterize their behavior under a wide range of conditions/experimental settings. We then design and rigorously analyze several countermeasures to mitigate a number of these side-channel attacks.

All in all, the research presented in this dissertation (1) demonstrates how motion sensors, power measurements and neural signals are a powerful side-channels in mobile and wearable devices ecosystem, (2) designs and empirically evaluates the defense mechanisms against these attacks leveraging the above side-channels, (3) calls for more stringent restrictions on motion sensors and other open APIs leveraging data from mobile and wearable devices, and lastly (4) calls for more research studying the security-utility tradeoffs of defense mechanisms proposed in the mobile and wearable ecosystem.