EE Seminar: Side-channel attacks on mobile devices

Yan Michalevsky
Stanford University
Wednesday, May 13th, 2015
15:00 - 16:00
Room 011, Kitot Bldg., Faculty of Engineering
Side-channel attacks on mobile devices
Abstract
Modern smartphones are loaded with sensors that measure a lot of information about the environment: a compass, an accelerometer, a GPS receiver, a microphone, an ampere-meter, etc. Some sensors, like the GPS receiver and microphone, are protected, as applications must request special permissions to read data from them. Other sensors, like the accelerometer and ampere-meter, are considered innocuous and can be read by any application without special permissions.
In a sequence of recent papers we show that smartphone sensors can be abused: malicious applications can use innocuous sensors for unintended purposes.  We give three illustrative examples: access to the accelerometer results in a device fingerprint that is strongly bound to the phone, access to the gyro sensor enables an application without privileges to eavesdrop on acoustic signals, including speech, in the vicinity of the phone. Access to the ampere-meter reveals information about the phone’s past and present locations.
We suggest defenses specific to these particular attacks, as well as more general principles for designing a more secure ecosystem of smart devices.

Bio
Yan is a PhD student at Stanford University, advised by Dan Boneh. He recently focused on mobile security and privacy. His works on side-channel attacks on mobile devices were presented at Usenix and BlackHat security conferences.
Previously, he held several positions in industry as a team manager, independent contractor, and software architect and developer, mostly in the fields of networks, embedded software and security. He holds a BSc in Electrical Engineering from the Technion, and an MS in Electrical Engineering from Stanford University.