A group of researchers has shown that smartphone batteries can serve as a side-channel attack vector, revealing what users actually do with their devices through analysis of power consumption.
The paper (PDF), accepted for the July Privacy Enhancing Technologies Symposium, explains both the snitching and the exfiltration.
The researchers say there is no need to panic yet: the attack has not been carried out in practice; it is a well-defined theory and hard to execute. But it has alarming real-world implications that cannot be overlooked, and the paper shows how an overly permissive API can help attackers in ways its designers never imagined.
The report, by researchers from UT Austin, the Hebrew University, and Technion, shows that a battery can collect enough information about the phone's components to reveal the user's activity.
During the research, the researchers turned the battery into a snitch by implanting a microcontroller that sampled the power flowing in and out at a 1 kHz sample rate.
According to the boffins, the battery is a very attractive attack vector because all of the phone's activity is exposed through it. An attacker can correlate the power flows with a keystroke, with the context of that keystroke (is someone visiting a website at the time?) and with the events that follow it, such as taking a photo or making a call.
Collectively, these pieces of information reconstruct a coherent portrait of the user's activity on the phone, which dramatically amplifies the power of the individual attacks, the paper claims.
The researchers found that power traces from the CPU and screen (and in some cases from the GPU and DRAM) would successfully reveal which websites were visited and even what the user typed on the screen.
The attack is difficult to carry out, however: the attacker has to get the poisoned battery into the phone, which is not feasible for a remote attack unless the phone has gone through a repair process, and it also needs an offline AI to learn how to categorize and classify the power traces.
The exfiltration path, however, is not theoretical: it uses the web battery API, which has already been criticized for the snitching options it offers; Apple and Mozilla have already dropped the API from WebKit for that reason.
The exfiltration route is summarized this way: "All the victim user has to do is to visit a sink website that is reading the data. Malicious batteries can detect when the browser enters this special website, and enable the exfiltration mode."
The researchers conducted the tests using the built-in Chrome-based browser on Samsung and Huawei phones. The paper also offers suggestions for improvement based on the exfiltration experiments.