XPorter : A Study of the Multi-Port Charger Security on Privacy Leakage and Voice Injection

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review

5 Scopus Citations
View graph of relations

Related Research Unit(s)

Detail(s)

Original languageEnglish
Title of host publicationACM MobiCom '23
Subtitle of host publicationProceedings of the 29th Annual International Conference on Mobile Computing and Networking
PublisherAssociation for Computing Machinery
Number of pages15
ISBN (print)978-1-4503-9990-6
Publication statusOnline published - Oct 2023

Conference

Title29th Annual International Conference on Mobile Computing and Networking, MobiCom 2023
LocationRiu Plaza España Hotel
PlaceSpain
CityMadrid
Period2 - 6 October 2023

Abstract

Multi-port chargers, capable of simultaneously charging multiple mobile devices such as smartphones, have gained immense popularity and sold millions of units in recent years. However, this charging-targeted feature could expose security and privacy risks by allowing one of the simultaneously charging devices to communicate with another one if wrongly designed and implemented because these devices are actually interconnected. Unfortunately, such risks have not been well studied, and we have identified a novel attack surface that exists in the circuit design of multi-port chargers, which allows an adversary to leverage one port to (i) eavesdrop on the activities of other devices being charged and (ii) inaudibly inject malicious audio commands if the charging device supports voice assistant and USB-C interface.

In this paper, we design and implement a novel framework, XPorter, to analyze and demonstrate the uncovered security and privacy threats in multi-port chargers. Specifically, it leverages the changes in the voltage signals on one neighbor port to monitor the voltage changes of the charging port induced by various user activities, including recognizing the running apps and uncovering keystrokes. In addition, XPorter can also achieve inaudible audio injection attacks from the neighbor port to the charging mobile device via the USB-C interface. We extensively evaluate the effectiveness of XPorter using five commodity multi-port chargers and five mobile devices. The evaluation results show its high effectiveness in recognizing the launching of 20 mobile apps (88.7%) and uncovering unlocking passcode (98.8%). Furthermore, XPorter achieves 100% success rates in inaudible audio injection attacks on three voice assistants. Moreover, our study also shows that XPorter is resilient to various impact factors and presents the potential of attacking multiple victims.

© 2023 Copyright held by the owner/author(s). Publication rights licensed to ACM.

Research Area(s)

  • Multi-port charger, Privacy leakage, Voice injection, USB-C interface

Bibliographic Note

Research Unit(s) information for this publication is provided by the author(s) concerned.

Citation Format(s)

XPorter: A Study of the Multi-Port Charger Security on Privacy Leakage and Voice Injection. / Ni, Tao; Chen, Yongliang; Xu, Weitao et al.
ACM MobiCom '23: Proceedings of the 29th Annual International Conference on Mobile Computing and Networking. Association for Computing Machinery, 2023.

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review