25th USENIX Security Symposium has ended
Monday, August 8 • 2:00pm - 2:30pm
How to Phone Home with Someone Else’s Phone: Information Exfiltration Using Intentional Sound Noise on Gyroscopic Sensors

Sign up or log in to save this to your schedule and see who's attending!

We show how a low-power device, such as a surveillance bug, can take advantage of a nearby mobile phone to exfiltrate arbitrary secrets across the Internet at a data rate of hundreds to thousands of bits per second, all without the phone owner’s awareness or permission. All the attack requires is for the phone to browse to an attacker-controlled website. This feat is carried out by exploiting a particular characteristic of the phone’s gyroscope which was discovered by Son et al. We discuss the theoretical principles behind our attack, evaluate it on several different mobile devices, and discuss potential countermeasures and mitigations. Finally, we suggest how this attack vector can be used benevolently for the purpose of safer and easier two-factor authentication.

Monday August 8, 2016 2:00pm - 2:30pm
Texas Ballroom 1

Attendees (2)