Touchtone leakage attacks via smartphone sensors: mitigation without hardware modification
Connor Bolton, Yan Long, Jun Han, Josiah Hester, Kevin Fu

TL;DR
This paper analyzes how smartphone motion sensors can leak acoustic information like touchtones and evaluates mitigation strategies that can be implemented via software updates without hardware changes.
Contribution
It provides a physics-based analysis of existing mitigation techniques and empirically evaluates their effectiveness in reducing acoustic leakage through motion sensors.
Findings
Low-pass filters reduce the motion sensor data available to all applications by 83% but reduce an advanced adversary's accuracy by less than one percent.
Anti-aliasing filters preserve data for benign use while halving attack accuracy.
Mitigation strategies can significantly reduce leakage without hardware modifications.
Abstract
Smartphone motion sensors provide a concealed mechanism for eavesdropping on acoustic information, like touchtones, emitted by a device. Eavesdropping on touchtones exposes credit card information, banking PINs, and social security card numbers to malicious third-party apps requiring only motion sensor data. This paper's primary contribution is an analysis rooted in physics and signal processing theory of several eavesdropping mitigations, which could be implemented in a smartphone update. We verify our analysis empirically to show how previously suggested mitigations, i.e. a low-pass filter, can undesirably reduce the motion sensor data to all applications by 83% but only reduce an advanced adversary's accuracy by less than one percent. Other designs, i.e. anti-aliasing filters, can fully preserve the motion sensor data to support benign application functionality while reducing attack…
Taxonomy
Topics: Advanced Malware Detection Techniques · User Authentication and Security Systems · Cryptographic Implementations and Security
