Eavesdropping Mobile App Activity via Radio-Frequency Energy Harvesting

Eavesdropping Mobile App Activity via Radio-Frequency Energy Harvesting

Ni, Tao (City University of Hong Kong)
Lan, G. (TU Delft Embedded Systems)
Wang, Jia (Shenzhen University)
Zhao, Qingchuan (City University of Hong Kong)
Xu, Weitao (City University of Hong Kong)

2023

Radio-frequency (RF) energy harvesting is a promising technology for Internet-of-Things (IoT) devices to power sensors and prolong battery life. In this paper, we present a novel side-channel attack that leverages RF energy harvesting signals to eavesdrop mobile app activities. To demonstrate this novel attack, we propose AppListener, an automated attack framework that recognizes fine-grained mobile app activities from harvested RF energy. The RF energy is harvested from a custom-built RF energy harvester which generates voltage signals from ambient Wi-Fi transmissions, and app activities are recognized from a three-tier classification algorithm. We evaluate AppListener with four mobile devices running 40 common mobile apps (e.g., YouTube, Facebook, and WhatsApp) belonging to five categories (i.e., video, music, social media, communication, and game); each category contains five application-specific activities. Experiment results show that AppListener achieves over 99% accuracy in differentiating four different mobile devices, over 98% accuracy in classifying 40 different apps, and 86.7% accuracy in recognizing five sets of application-specific activities. Moreover, a comprehensive study is conducted to show AppListener is robust to a number of impact factors, such as distance, environment, and non-target connected devices. Practices of integrating AppListener into commercial IoT devices also demonstrate that it is easy to deploy. Finally, countermeasures are presented as the first step to defend against this novel attack.

http://resolver.tudelft.nl/uuid:a5662ca4-853e-421e-bf12-41f7c9337fe8

USENIX Association

9781713879497

32nd USENIX Security Symposium, USENIX Security 2023

32nd USENIX Security Symposium, USENIX Security 2023, 2023-08-09 → 2023-08-11, Anaheim, United States

32nd USENIX Security Symposium, USENIX Security 2023, 5

Funding Information: We sincerely thank our shepherd and anonymous reviewers for their constructive comments. This research was substantially supported by NFSC (Project 62101471) and was partially supported by the Shenzhen Research Institute, City University of Hong Kong, the Research Grants Council of the Hong Kong SAR, China (ECS Project CityU 21201420 and GRF Project CityU 11201422), CityU APRC grant 9610563, CityU SRG-Fd grant 7005853, Shenzhen Science and Technology Funding Fundamental Research Program (Project No. 2021Szvup126), NSF of Shandong Province (Project No. ZR2021LZH010), and a grant from Chow Sang Sang Group Research Fund sponsored by Chow Sang Sang Holdings International Limited (Project No. 9229062). Any opinions, findings, and conclusions in this paper are those of the authors and do not necessarily of supported organizations.

Institutional Repository

conference paper

© 2023 Tao Ni, G. Lan, Jia Wang, Qingchuan Zhao, Weitao Xu