Glitch in Time: Exploiting Temporal Misalignment of IMU For Eavesdropping

TL;DR

This paper presents STAG, a novel attack exploiting temporal misalignment in IMUs to bypass security measures, significantly improving eavesdropping effectiveness despite rate limits.

Contribution

Introduces STAG, a new method that exploits IMU temporal misalignment to enable high-rate data sampling for eavesdropping, bypassing Google's security protections.

Findings

Achieves 83.4% reduction in word error rate

Successfully circumvents Google's IMU rate limit

Demonstrates persistent security vulnerabilities in IMUs

Abstract

The increasing use of voice assistants and related applications has raised significant concerns about the security of Inertial Measurement Units (IMUs) in smartphones. These devices are vulnerable to acoustic eavesdropping attacks, jeopardizing user privacy. In response, Google imposed a rate limit of 200 Hz on permission-free access to IMUs, aiming to neutralize such side-channel attacks. Our research introduces a novel exploit, STAG, which circumvents these protections. It induces a temporal misalignment between the gyroscope and accelerometer, cleverly combining their data to resample at higher rates and reviving the potential for eavesdropping attacks previously curtailed by Google's security enhancements. Compared to prior methods, STAG achieves an 83.4% reduction in word error rate, highlighting its effectiveness in exploiting IMU data under restricted access and emphasizing the persistent security risks associated with these sensors.