Abstract
We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals, and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim's finger movements can be inferred to steal Android unlock patterns. In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 phone can be reduced by up to 70% using this novel acoustic side-channel. The attack is entirely unnoticeable to victims. Our approach can be easily applied to other application scenarios and device types. Overall, our work highlights a new family of security threats.
| Original language | English |
|---|---|
| Pages (from-to) | 213-228 |
| Number of pages | 16 |
| Journal | International Journal of Information Security |
| Volume | 19 |
| Issue number | 2 |
| Early online date | 25 Jul 2019 |
| DOIs | |
| Publication status | Published - 1 Apr 2020 |
Funding
JY was supported in part by the Wallenberg Artificial Intelligence, Autonomous Systems and Software Program (WASP) funded by Knut and Alice Wallenberg Foundation.
Keywords
- acoustic system
- active sonar
- mobile device
- side-channel attack
Fingerprint
Dive into the research topics of 'SonarSnoop: active acoustic side-channel attacks'. Together they form a unique fingerprint.Cite this
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver