Recent years have witnessed the explosive development of mobile devices like smartphones and tablets. Along with the growing market of these mobile devices, the demand for novel and fast charging systems has gained much more popularity, i.e., wireless chargers, wireless charging power banks, and multi-port chargers. However, these newly released mobile charging systems expose various vulnerabilities that can be leveraged by adversaries to launch different side-channel attacks, including eavesdropping attacks to violate user privacy and inaudible audio injection attacks to manipulate the voice assistants maliciously. This dissertation focuses on investigating contactless side channels present in different mobile charging systems. My research involves designing attack frameworks to demonstrate the feasibility of potential threats and proposing effective countermeasures to protect against these attacks. Specifically, I leverage two physical phenomena, namely coil whine and magnetic field perturbations, which occur during wireless charging processes. By utilizing these phenomena, I develop an attack framework capable of inferring fine-grained user-smartphone interactions while smartphones are being charged by commonly available wireless chargers. This framework enables us to uncover sensitive information, i.e., unlocking passcodes, launching apps, and sensitive keystrokes. Furthermore, I extend our framework to target power banks that support wireless charging. I employ fast domain adaptation techniques, such as few-shot learning, to enhance the transferability of the attack across various scenarios, including different power banks, smartphones, and battery levels. Additionally, I conduct an in-depth study to explore the security of multi-port chargers, a new type of charging accessory that can charge multiple mobile devices simultaneously. Our research reveals that voltage leakages across neighboring USB ports can compromise user privacy by disclosing their activities on charging mobile devices. In the case of multi-port chargers equipped with USB-C interfaces, I demonstrate that the audio pins of the USB-C port can be exploited to silently activate voice assistants, i.e., Apple Siri, Google Assistant, and OnePlus Breeno, and inject modulated voice commands. To mitigate the risks posed by these attacks, I propose and implement countermeasures from both hardware and software perspectives. These measures aim to safeguard users from the aforementioned vulnerabilities and protect their privacy and security. Overall, this dissertation provides a thorough examination of contactless side-channel attacks and defenses in order to raise awareness about the potential threats associated with widely used commodity mobile charging systems.
| Date of Award | 27 Mar 2024 |
|---|
| Original language | English |
|---|
| Awarding Institution | - City University of Hong Kong
|
|---|
| Supervisor | Weitao XU (Supervisor) & Qingchuan ZHAO (Co-supervisor) |
|---|
Contactless Side Channels in Mobile Charging Systems: Attacks and Defenses
NI, T. (Author). 27 Mar 2024
Student thesis: Doctoral Thesis