scholarly journals Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices

2018 ◽  
Vol 2018 (4) ◽  
pp. 141-158 ◽  
Author(s):  
Pavel Lifshits ◽  
Roni Forte ◽  
Yedid Hoshen ◽  
Matt Halpern ◽  
Manuel Philipose ◽  
...  
Keyword(s):  
Mobile Devices ◽  
Sampling Rate ◽  
Information Leakage ◽  
Primary Sources ◽  
Covert Channel ◽  
Sensitive Information ◽  
Web Browser ◽  
Open World ◽  
Fine Grain ◽  
Remote Server

Abstract Mobile devices are equipped with increasingly smart batteries designed to provide responsiveness and extended lifetime. However, such smart batteries may present a threat to users’ privacy. We demonstrate that the phone’s power trace sampled from the battery at 1KHz holds enough information to recover a variety of sensitive information. We show techniques to infer characters typed on a touchscreen; to accurately recover browsing history in an open-world setup; and to reliably detect incoming calls, and the photo shots including their lighting conditions. Combined with a novel exfiltration technique that establishes a covert channel from the battery to a remote server via a web browser, these attacks turn the malicious battery into a stealthy surveillance device. We deconstruct the attack by analyzing its robustness to sampling rate and execution conditions. To find mitigations we identify the sources of the information leakage exploited by the attack. We discover that the GPU or DRAM power traces alone are sufficient to distinguish between different websites. However, the CPU and power-hungry peripherals such as a touchscreen are the primary sources of fine-grain information leakage. We consider and evaluate possible mitigation mechanisms, highlighting the challenges to defend against the attacks. In summary, our work shows the feasibility of the malicious battery and motivates further research into system and application-level defenses to fully mitigate this emerging threat.

scholarly journals Survey on Reverse-Engineering Tools for Android Mobile Devices

2022 ◽  
Vol 2022 ◽  
pp. 1-7
Author(s):  
Ashwag Albakri ◽  
Huda Fatima ◽  
Maram Mohammed ◽  
Aisha Ahmed ◽  
Aisha Ali ◽  
...  
Keyword(s):  
Reverse Engineering ◽  
Mobile Devices ◽  
Mobile Applications ◽  
Information Leakage ◽  
Sensitive Information ◽  
Security Threats ◽  
Application Security ◽  
Security Issues ◽  
Frequent Use ◽  
User Data

With the presence of the Internet and the frequent use of mobile devices to send several transactions that involve personal and sensitive information, it becomes of great importance to consider the security aspects of mobile devices. And with the increasing use of mobile applications that are utilized for several purposes such as healthcare or banking, those applications have become an easy and attractive target for attackers who want to get access to mobile devices and obtain users’ sensitive information. Developing a secure application is very important; otherwise, attackers can easily exploit vulnerabilities in mobile applications which lead to serious security issues such as information leakage or injecting applications with malicious programs to access user data. In this paper, we survey the literature on application security on mobile devices, specifically mobile devices running on the Android platform, and exhibit security threats in the Android system. In addition, we study many reverse-engineering tools that are utilized to exploit vulnerabilities in applications. We demonstrate several reverse-engineering tools in terms of methodology, security holes that can be exploited, and how to use these tools to help in developing more secure applications.

scholarly journals An Approach for Risk Estimation in Information Security Using Text Mining and Jaccard Method

2018 ◽  
Vol 7 (3) ◽  
pp. 393-399
Author(s):  
Prajna Deshanta Ibnugraha ◽  
Lukito Edi Nugroho ◽  
Paulus Insap Santosa
Keyword(s):  
Text Mining ◽  
Information Security ◽  
Risk Estimation ◽  
Information Leakage ◽  
Information Value ◽  
Sensitive Information ◽  
Digital Information ◽  
Security Threat ◽  
Business Impact ◽  
Related Information

Involvement of digital information in almost of enterprise sectors makes information having value that must be protected from information leakage. In order to obtain proper method for protecting sensitive information, enterprise must perform risk analysis of threat. However, enterprises often get limitation in measuring risk related information security threat. Therefore, this paper has goal to give approach for estimating risk by using information value. Techniques for measuring information value in this paper are text mining and Jaccard method. Text mining is used to recognize information pattern based on three classes namely high business impact, medium business impact and low business impact. Furthermore, information is given weight by Jaccard method. The weight represents risk levelof information leakage in enterprise quantitatively. Result of comparative analysis with existing method show that proposed method results more detailed output in estimating risk of information security threat.

Know Your World Better

2018 ◽  
pp. 777-793
Author(s):  
Srinivasa K. G. ◽  
Satvik Jagannath ◽  
Aakash Nidhi
Keyword(s):  
Information Retrieval ◽  
Augmented Reality ◽  
Real Time ◽  
Mobile Devices ◽  
Mobile Device ◽  
Sensitive Information ◽  
Context Sensitive ◽  
Close Proximity ◽  
Augmented Reality Application ◽  
Device User

Mobile devices are changing the way people live. Users have everything on their fingertips and to support them, there are scores of application which add to the usability and comfort. “Know your world better” is an Augmented Reality application developed for Android. This application helps the user to find friends and locate places in close proximity. In this paper we talk about an application that describes a method of augmenting Point of Interests (POI's) on a mobile device. User has to move his phone pointing in a direction of his choice and POI's if any are shown in real time. The user's interest with respect to the environment is inferred from speech or by selecting from the choices; this data is used for information retrieval from the cloud. The result of context-sensitive information retrieval is augmented onto the view of the mobile and provides speech output.

scholarly journals Secureweb: Protecting sensitive information through the web browser extension with a security token

2018 ◽  
Vol 23 (5) ◽  
pp. 526-538 ◽  
Author(s):  
Shuang Liang ◽  
Yue Zhang ◽  
Bo Li ◽  
Xiaojie Guo ◽  
Chunfu Jia ◽  
...  
Keyword(s):  
Sensitive Information ◽  
Web Browser ◽  
Browser Extension ◽  
The Web

scholarly journals No Free Charge Theorem: A Covert Channel via USB Charging Cable on Mobile Devices

2017 ◽  
pp. 83-102 ◽  
Author(s):  
Riccardo Spolaor ◽  
Laila Abudahi ◽  
Veelasha Moonsamy ◽  
Mauro Conti ◽  
Radha Poovendran
Keyword(s):  
Mobile Devices ◽  
Covert Channel ◽  
Free Charge

Study on sensitive information leakage vulnerability modeling

Kybernetes ◽  
2015 ◽  
Vol 44 (1) ◽  
pp. 77-88 ◽  
Author(s):  
Sung-Hwan Kim ◽  
Nam-Uk Kim ◽  
Tai-Myoung Chung
Keyword(s):  
Mathematical Models ◽  
Security Policy ◽  
Design Methodology ◽  
Information Leakage ◽  
Vulnerability Index ◽  
Sensitive Information ◽  
Security Risks ◽  
Content Type ◽  
Proposed Model ◽  
Vulnerability Model

Purpose – The purpose of this paper is to provide a model for quantitatively analyzing the security profile of an organization’s IT environment. The model considers the security risks associated with stored data, as well as services and devices that can act as channels for data leakages. The authors propose a sensitive information (SI) leakage vulnerability model. Design/methodology/approach – Factors identified as having an impact on the security profile are identified, and scores are assigned based on detailed criteria. These scores are utilized by mathematical models that produce a vulnerability index, which indicates the overall security vulnerability of the organization. In this chapter, the authors verify the model result extracted from SI leakage vulnerability weak index by applying the proposed model to an actual incident that occurred in South Korea in January 2014. Findings – The paper provides vulnerability result and vulnerability index. They are depends on SI state in information systems. Originality/value – The authors identify and define four core variables related to SI leakage: SI, security policy, and leakage channel and value of SI. The authors simplify the SI leakage problem. The authors propose a SI leakage vulnerability model.

Sign in / Sign up

Export Citation Format

Share Document