Title
Eavesdropping Mobile App Activity via Radio-Frequency Energy Harvesting
Author
Ni, Tao (City University of Hong Kong)
Lan, G. (TU Delft Embedded Systems)
Wang, Jia (Shenzhen University)
Zhao, Qingchuan (City University of Hong Kong)
Xu, Weitao (City University of Hong Kong)
Date
2023
Abstract
Radio-frequency (RF) energy harvesting is a promising technology for Internet-of-Things (IoT) devices to power sensors and prolong battery life. In this paper, we present a novel side-channel attack that leverages RF energy harvesting signals to eavesdrop mobile app activities. To demonstrate this novel attack, we propose AppListener, an automated attack framework that recognizes fine-grained mobile app activities from harvested RF energy. The RF energy is harvested from a custom-built RF energy harvester which generates voltage signals from ambient Wi-Fi transmissions, and app activities are recognized from a three-tier classification algorithm. We evaluate AppListener with four mobile devices running 40 common mobile apps (e.g., YouTube, Facebook, and WhatsApp) belonging to five categories (i.e., video, music, social media, communication, and game); each category contains five application-specific activities. Experiment results show that AppListener achieves over 99% accuracy in differentiating four different mobile devices, over 98% accuracy in classifying 40 different apps, and 86.7% accuracy in recognizing five sets of application-specific activities. Moreover, a comprehensive study is conducted to show AppListener is robust to a number of impact factors, such as distance, environment, and non-target connected devices. Practices of integrating AppListener into commercial IoT devices also demonstrate that it is easy to deploy. Finally, countermeasures are presented as the first step to defend against this novel attack.
To reference this document use:
http://resolver.tudelft.nl/uuid:a5662ca4-853e-421e-bf12-41f7c9337fe8
Publisher
USENIX Association
ISBN
9781713879497
Source
32nd USENIX Security Symposium, USENIX Security 2023
Event
32nd USENIX Security Symposium, USENIX Security 2023, 2023-08-09 → 2023-08-11, Anaheim, United States
Series
32nd USENIX Security Symposium, USENIX Security 2023, 5
Bibliographical note
Funding Information: We sincerely thank our shepherd and anonymous reviewers for their constructive comments. This research was substantially supported by NFSC (Project 62101471) and was partially supported by the Shenzhen Research Institute, City University of Hong Kong, the Research Grants Council of the Hong Kong SAR, China (ECS Project CityU 21201420 and GRF Project CityU 11201422), CityU APRC grant 9610563, CityU SRG-Fd grant 7005853, Shenzhen Science and Technology Funding Fundamental Research Program (Project No. 2021Szvup126), NSF of Shandong Province (Project No. ZR2021LZH010), and a grant from Chow Sang Sang Group Research Fund sponsored by Chow Sang Sang Holdings International Limited (Project No. 9229062). Any opinions, findings, and conclusions in this paper are those of the authors and do not necessarily of supported organizations.
Part of collection
Institutional Repository
Document type
conference paper
Rights
© 2023 Tao Ni, G. Lan, Jia Wang, Qingchuan Zhao, Weitao Xu