SonarSnoop: Active Acoustic Side-Channel Attacks
Peng Cheng, Ibrahim Ethem Bagci, Utz Roedig, Jeff Yan
TL;DR
This paper introduces SonarSnoop, an active acoustic side-channel attack that uses inaudible sounds and echoes to infer user interactions on smartphones, revealing significant security vulnerabilities.
Contribution
It presents the first active acoustic side-channel attack method that employs inaudible signals and echo analysis to profile user behavior on mobile devices.
Findings
Reduced unlock pattern candidate space by up to 70%
Demonstrated applicability to various device types
Highlights new security threat family
Abstract
We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim's finger movements can be inferred to steal Android phone unlock patterns. In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 Android phone can be reduced by up to 70% using this novel acoustic side-channel. Our approach can be easily applied to other application scenarios and device types. Overall, our work highlights a new family of security threats.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsUser Authentication and Security Systems · Speech and Audio Processing · Music and Audio Processing