TY - JOUR
T1 - A Side-channel Analysis of Sensor Multiplexing for Covert Channels and Application Fingerprinting on Mobile Devices
AU - Shepherd, Carlton
AU - Kalbantner, Jan
AU - Semal, Benjamin
AU - Markantonakis, Konstantinos
PY - 2023/10/11
Y1 - 2023/10/11
N2 - Mobile devices often distribute measurements from a single physical sensor to multiple applications using software-based multiplexing. On Android devices, the highest requested sampling frequency is returned to all applications even if other applications request measurements at lower frequencies. In this paper, we comprehensively demonstrate that this design choice exposes practically exploitable side-channels based on frequency-key shifting. By carefully modulating sensor sampling frequencies in software, we show that unprivileged malicious applications can construct reliable spectral covert channels that bypass existing security mechanisms. Moreover, we present a novel variant that allows an unprivileged malicious observer app to fingerprint other victim applications at a coarse-grained level. Both techniques do not impose any special assumptions beyond accessing standard mobile services from unprivileged applications. As such, our work reports side-channel vulnerabilities that exploit subtle yet insecure design choices in mobile sensor stacks.
AB - Mobile devices often distribute measurements from a single physical sensor to multiple applications using software-based multiplexing. On Android devices, the highest requested sampling frequency is returned to all applications even if other applications request measurements at lower frequencies. In this paper, we comprehensively demonstrate that this design choice exposes practically exploitable side-channels based on frequency-key shifting. By carefully modulating sensor sampling frequencies in software, we show that unprivileged malicious applications can construct reliable spectral covert channels that bypass existing security mechanisms. Moreover, we present a novel variant that allows an unprivileged malicious observer app to fingerprint other victim applications at a coarse-grained level. Both techniques do not impose any special assumptions beyond accessing standard mobile services from unprivileged applications. As such, our work reports side-channel vulnerabilities that exploit subtle yet insecure design choices in mobile sensor stacks.
UR - https://arxiv.org/abs/2110.06363
U2 - 10.1109/TDSC.2023.3323732
DO - 10.1109/TDSC.2023.3323732
M3 - Article
SN - 1545-5971
SP - 1
EP - 12
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
ER -