nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Evaluating the Impact of Juice Filming Charging Attack in Practical Environments

verfasst von : Weizhi Meng, Wang Hao Lee, Zhe Liu, Chunhua Su, Yan Li

Erschienen in: Information Security and Cryptology – ICISC 2017

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Nowadays, smartphones are widely adopted in people’s daily lives. With the increasing capability, phone charging has become a basic requirement and a large number of public charging facilitates are under construction for this purpose. However, public charging stations may open a hole for cyber-criminals to launch various attacks, especially charging attacks, to steal phone user’s private information. Juice filming charging (JFC) attack is one such threat, which can refer users’ sensitive information from both Android OS and iOS devices, through automatically monitoring and recording phone screen during the whole charging period. Due to the potential damage of JFC attacks, there is a need to investigate its influence in practical scenarios. Motivated by this, in this work, we firstly conduct a large user survey with over 2500 participants about their awareness and attitude towards charging attacks. We then for the first time investigate the impact of JFC attack under three practical scenarios. Our work aims to complement the state-of-the-art and stimulate more research in this area.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Security Analysis of Improved Cubic UOV Signature Schemes

Nächstes Kapitel Reading Network Packets as a Natural Language for Intrusion Detection

http://www.epiphan.com/products/vga2usb/.

http://www.coolthings.com/life-spot-smartphone-charging-station/.

Aviv, A.J., Gibson, K., Mossop, E., Blaze, M., Smith, J.M.: Smudge attacks on smartphone touch screens. In: Proceedings of the 4th USENIX Conference on Offensive Technologies (WOOT), pp. 1–7. USENIX Association, Berkeley (2010)

Dagon, D., Martin, T., Starner, T.: Mobile phones as computing devices: the viruses are coming!. IEEE Pervasive Comput. 3(4), 11–15 (2004)CrossRef

De Luca, A., Hang, A., Brudy, F., Lindner, C., Hussmann, H.: Touch me once and i know it’s you! Implicit authentication based on touch screen patterns. In: Proceedings of the 2012 ACM Annual Conference on Human Factors in Computing Systems (CHI), pp. 987–996. ACM, New York (2012)

Feng, T., Liu, Z., Kwon, K.-A., Shi, W., Carbunary, B., Jiang, Y., Nguyen, N.: Continuous mobile authentication using touchscreen gestures. In: Proceedings of the 2012 IEEE Conference on Technologies for Homeland Security (HST), pp. 451–456. IEEE, USA (2012)

Frank, M., Biedert, R., Ma, E., Martinovic, I., Song, D.: Touchalytics: on the applicability of touchscreen input as a behavioral biometric for continuous authentication. IEEE Trans. Inf. Forensics Secur. 8(1), 136–148 (2013)CrossRef

IDC: Smartphone Momentum Still Evident with Shipments Expected to Reach 1.2 Billion in 2014 and Growing 23.1% Over 2013. http://www.idc.com/getdoc.jsp?containerId=prUS24857114

Juice Jacking Vulnerability for iOS. https://www.infotransec.com/news/juice-jacking-vulnerability-ios

Lau, B., Jang, Y., Song, C.: Mactans: injecting malware into iOS devices via malicious chargers. Blackhat, USA (2013)

Li, L., Zhao, X., Xue, G.: Unobservable re-authentication for smartphones. In: Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS), pp. 1–16 (2013)

10.

Li, W., Meng, W.: An empirical study on email classification using supervised machine learning in real environments. In: Proceedings of the 2015 IEEE International Conference on Communications (ICC), pp. 7438–7443. IEEE, (2015)

11.

Meng, Y., Wong, D.S., Schlegel, R., Kwok, L.: Touch gestures based biometric authentication scheme for touchscreen mobile phones. In: Kutyłowski, M., Yung, M. (eds.) Inscrypt 2012. LNCS, vol. 7763, pp. 331–350. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38519-3_21 CrossRef

12.

Meng, Y., Li, W., Kwok, L.-F.: Enhancing click-draw based graphical passwords using multi-touch on mobile phones. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds.) SEC 2013. IAICT, vol. 405, pp. 55–68. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39218-4_5 CrossRef

13.

Meng, W., Li, W., Kwok, L.F.: EFM: enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism. Comput. Secur. 43, 189–204 (2014)CrossRef

14.

Meng, W., Wong, D.S., Furnell, S., Zhou, J.: Surveying the development of biometric user authentication on mobile phones. IEEE Commun. Surv. Tutor. 17(3), 1–10 (2015)CrossRef

15.

Meng, W., Lee, W.H., Murali, S.R., Krishnan, S.P.T.: Charging me and I know your secrets! Towards juice filming attacks on smartphones. In: Proceedings of the Cyber-Physical System Security Workshop (CPSS), in Conjunction with AsiaCCS 2015. ACM (2015)

16.

Meng, W., Lee, W.H., Murali, S.R., Krishnan, S.P.T.: JuiceCaster: towards automatic juice filming attacks on smartphones. J. Netw. Comput. Appl. 68, 201–212 (2016)CrossRef

17.

Meng, W., Lee, W.H., Krishnan, S.P.T.: A framework for large-scale collection of information from smartphone users based on juice filming attacks. In: Proceedings of the Singapore Cyber Security R&D Conference (SG-CRC), pp. 99–106, January 2016

18.

Meng, W., Fei, F., Li, W., Au, M.H.: Harvesting Smartphone Privacy through Enhanced Juice Filming Charging Attacks. In: Proceedings of the 20th Information Security Conference (ISC) (2017)

19.

Meng, W., Jiang, L., Wang, Y., Li, J., Zhang, J., Xiang, Y.: JFCGuard: Detecting juice filming charging attack via processor usage analysis on smartphones. Comput. Secur. 13 p. (2018, in press). https://doi.org/10.1016/j.cose.2017.11.012

20.

Ossmann, M., Osborn, K.: Multiplexed Wired Attack Surfaces. Black Hat USA (2013). https://media.blackhat.com/us-13/US-13-Ossmann-Multiplexed-Wired-Attack-Surfaces-WP.pdf

21.

Raguram, R., White, A.M., Goswami, D., Monrose, F., Frahm, J.-M.: iSpy: automatic reconstruction of typed input from compromising reflections. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), pp. 527–536. ACM, New York (2011)

22.

Sae-Bae, N., Memon, N., Isbister, K., Ahmed, K.: Multitouch gesture-based authentication. IEEE Trans. Inf. Forensics Secur. 9(4), 568–582 (2014)CrossRef

23.

Spolaor, R., Abudahi, L., Moonsamy, V., Conti, M., Poovendran, R.: No free charge theorem: a covert channel via USB charging cable on mobile devices. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 83–102. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_5 CrossRef

24.

Singapore Power to provide 200 free mobile phone charging stations for SG50 (2015). http://www.straitstimes.com/singapore/singapore-power-to-provide-200-free-mobile-phone-charging-stations-for-sg50

25.

The Original USB Condom. http://int3.cc/products/usbcondoms

26.

Xu, N., Zhang, F., Luo, Y., Jia, W., Xuan, D., Teng, J.: Stealthy video capturer: a new video-based spyware in 3G smartphones. In: Proceedings of the 2nd ACM Conference on Wireless Network Security (WiSec), pp. 69–78. ACM, New York (2009)

27.

Zhang, Y., Xia, P., Luo, J., Ling, Z., Liu, B., Fu, X.: Fingerprint attack against touch-enabled devices. In: Proceedings of the 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), pp. 57–68. ACM, New York (2012)

Titel: Evaluating the Impact of Juice Filming Charging Attack in Practical Environments
verfasst von: Weizhi Meng
Wang Hao Lee
Zhe Liu
Chunhua Su
Yan Li
Verlag: Springer International Publishing
Buch: Information Security and Cryptology – ICISC 2017
Print ISBN: 978-3-319-78555-4

Electronic ISBN: 978-3-319-78556-1

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-78556-1_18

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner