XPorter: A Study of the Multi-Port Charger Security on Privacy Leakage and Voice Injection

Tao Ni, Yongliang Chen, Weitao Xu, Lei Xue, Qingchuan Zhao*

*Corresponding author for this work

Research output: Chapters, Conference Papers, Creative and Literary Works | RGC 32 - Refereed conference paper (with host publication) | peer-review

12 Citations (Scopus)

Abstract

Multi-port chargers, capable of simultaneously charging multiple mobile devices such as smartphones, have gained immense popularity and sold millions of units in recent years. However, because the devices being charged are actually interconnected, this charging-targeted feature could expose security and privacy risks if wrongly designed and implemented, by allowing one of the simultaneously charging devices to communicate with another. Unfortunately, such risks have not been well studied, and we have identified a novel attack surface that exists in the circuit design of multi-port chargers, which allows an adversary to leverage one port to (i) eavesdrop on the activities of other devices being charged and (ii) inaudibly inject malicious audio commands if the charging device supports a voice assistant and a USB-C interface.

In this paper, we design and implement a novel framework, XPorter, to analyze and demonstrate the uncovered security and privacy threats in multi-port chargers. Specifically, it leverages the changes in the voltage signals on one neighbor port to monitor the voltage changes of the charging port induced by various user activities, which allows it to recognize the running apps and uncover keystrokes. In addition, XPorter can also achieve inaudible audio injection attacks from the neighbor port to the charging mobile device via the USB-C interface. We extensively evaluate the effectiveness of XPorter using five commodity multi-port chargers and five mobile devices. The evaluation results show its high effectiveness in recognizing the launching of 20 mobile apps (88.7%) and uncovering the unlocking passcode (98.8%). Furthermore, XPorter achieves 100% success rates in inaudible audio injection attacks on three voice assistants. Moreover, our study also shows that XPorter is resilient to various impact factors and presents the potential of attacking multiple victims.

© 2023 Copyright held by the owner/author(s). Publication rights licensed to ACM.
Original language: English
Title of host publication: ACM MobiCom '23
Subtitle of host publication: Proceedings of the 29th Annual International Conference on Mobile Computing and Networking
Publisher: Association for Computing Machinery
Number of pages: 15
ISBN (Print): 978-1-4503-9990-6
Publication status: Online published - Oct 2023
Event: 29th Annual International Conference on Mobile Computing and Networking, MobiCom 2023 - Riu Plaza España Hotel, Madrid, Spain
Duration: 2 Oct 2023 → 6 Oct 2023
https://sigmobile.org/mobicom/2023/

Conference

Conference: 29th Annual International Conference on Mobile Computing and Networking, MobiCom 2023
Abbreviated title: ACM MobiCom 2023
Place: Spain
City: Madrid
Period: 2/10/23 → 6/10/23

Bibliographical note

Research Unit(s) information for this publication is provided by the author(s) concerned.

Funding

We sincerely thank our shepherd and all anonymous reviewers for their constructive feedback. This work was supported by CityU APRC grant 9610563, the Research Grants Council of Hong Kong (CityU 21219223, C1029-22G, CityU 21201420, CityU 11201422), CCF-NSFOCUS Kunpeng Fund, NSFC Young Scientists Fund (No. 62002306), and NSFC (No. 62101471), NSF of Shandong province (No. ZR2021LZH010), and Shenzhen Science and Technology Funding Fundamental Research Program (2021Szvup126).

Research Keywords

  • Multi-port charger
  • Privacy leakage
  • Voice injection
  • USB-C interface

RGC Funding Information

  • RGC-funded
