How to Phone Home with Someone Else's Phone: Information Exfiltration Using Intentional Sound Noise on Gyroscopic Sensors
Venue: 10th USENIX Workshop on Offensive Technologies (WOOT), 2016
We show how a low-power device, such as a surveillance bug, can take advantage of a nearby mobile phone to exfiltrate arbitrary secrets across the Internet at a data rate of hundreds to thousands of bits per second, all without the phone owner’s awareness or permission. All the attack requires is for the phone to browse to an attacker-controlled website. This feat is carried out by exploiting a particular characteristic of the phone’s gyroscope which was discovered by Son et al. We discuss the theoretical principles behind our attack, evaluate it on several different mobile devices, and discuss potential countermeasures and mitigations. Finally, we suggest how this attack vector can be used benevolently for the purpose of safer and easier two-factor authentication.