Threat Landscape of Attacks on Smartphone Sensors


By Vinay Prabhu, Principal Machine Learning Scientist at UnifyID Inc

Ever wondered what black magic lets smartphone apps such as Sky Maps know the precise orientation of your phone while you gaze at the heavens, allows ride-hail apps such as Uber to generate such stunningly granular reporting on drivers’ braking and acceleration patterns, or helps apps like Metal Detector hunt ghosts?

Fig. 1: Three examples of popular apps that use the inertial measurement unit sensors

In the next few minutes, you will be ushered into the world of the humble trio of Inertial Measurement Unit (IMU) sensors, or motion sensors: accelerometers, gyroscopes and magnetometers. These unsung little workhorses lurk unsuspected on our phones’ motherboards, furiously transducing and spitting out data from every sinew of motion and vibration around you, whilst quietly fueling an emergent wave of artificial intelligence that will influence and shape our lives deeply in the coming decade. Now, the question is: does your smartphone have these as well? If you own a reasonably new smartphone, like this author, chances are that dialling the following USSD secret code will give you backdoor access to a screen that looks like the one in the figure below.

Fig. 2: Sensors on a Samsung S8 device

Woah! You did not realize there was an entire menagerie of sensors prowling in your phone, did you? You are certainly not alone. According to a recent survey, a staggering 61% of smartphone users had never even heard of accelerometers, and an even higher share (73%) had not even heard of gyroscopes.

To give the reader an idea of how incredibly sensitive and fast these sensors are: a typical IMU sensor has a linear acceleration sensitivity as low as 0.00061 g/LSB (gravitational acceleration per Least Significant Bit) and an angular rate sensitivity of 0.004375 degrees per sec/LSB, and can be sampled at a rate of 6664 samples per second. However, in order to save battery, the mobile operating system limits the sampling rate to 416 samples per second, which is still impressively high. These sensors are so sensitive that they can be used as a reliable alternative to an electromyogram (EMG) for tremor frequency assessment in the care of patients diagnosed with Parkinson’s disease, essential tremor, Holmes’ tremor and even orthostatic tremor!

These examples are part of a very exciting revolution in the personal healthcare space, where the emergence of the motion-sensor-laden smartphone as the centerpiece of the democratization of healthcare hardware has yielded incredible results in domains such as the treatment of gait and posture related disorders, geriatric care and the treatment of neurodegenerative disorders (see figure below).

Fig. 3: Specific domains of personal healthcare being influenced by motion sensors

Besides healthcare, these motion sensors are driving incredible advances in many other areas, such as imaging, VR/AR (virtual reality and augmented reality), indoor positioning and password-free personal authentication.

However, the very sensitivity and power of these sensors opens the door to some heinous attacks that were hitherto not achievable and can now be carried out with much ease.

In the rest of this article, I survey the landscape of such attacks, categorize them and highlight the flagship examples in each category. The goal of this venture is to not just highlight these threats to the security community at large, but to also pique the interest of sensor designers and manufacturers who will play a crucial role in overcoming these threats.

Fig. 4: Threat landscape of attacks on smartphone sensors

Most security attacks on sensors broadly fall into two categories: spoofing attacks and attacks with intent of malicious use. Spoofing attacks target modification of the sensor data being used by a legitimate application, either by injecting fake or synthetic data somewhere in the pipeline or by introducing adversarial vibrations around the phone (by playing sounds of certain frequencies, for example), thus dirtying the very data that the sensor is picking up. Attacks with malicious intent involve eavesdropping on the sensors’ data and inferring what the user might be typing or saying, without having to access the traditional, well-guarded sources of such information, like the microphone.
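As an added example (not code from the original article), here is a defender-side check for the adversarial-vibration route described above: a sound far above the sensor's sampling rate still shows up in the data as a narrow aliased tone, which a simple spectral test can flag. It uses the article's figures of 416 samples per second and 0.00061 g/LSB; the 2000 Hz tone, the noise level, the 20 Hz floor and the 0.5 threshold are constructed assumptions.

```python
import math
import random

FS_HZ = 416          # OS-limited sampling rate quoted in the article
G_PER_LSB = 0.00061  # accelerometer sensitivity quoted in the article

def alias_hz(tone_hz, fs=FS_HZ):
    """Frequency at which a tone above fs/2 appears after sampling at fs."""
    f = tone_hz % fs
    return fs - f if f > fs / 2 else f

def power_spectrum(samples):
    """Naive DFT power for bins 1..N/2-1 after removing the mean (gravity)."""
    n = len(samples)
    mean = sum(samples) / n
    x = [s - mean for s in samples]
    spec = []
    for k in range(1, n // 2):
        w = 2 * math.pi * k / n
        re = sum(v * math.cos(w * i) for i, v in enumerate(x))
        im = sum(v * math.sin(w * i) for i, v in enumerate(x))
        spec.append(re * re + im * im)
    return spec

def strongest_tone(raw_counts, min_hz=20):
    """Return (energy share, frequency in Hz) of the strongest bin >= min_hz.
    The 20 Hz floor (an assumption) skips slow, ordinary hand and body motion."""
    spec = power_spectrum([c * G_PER_LSB for c in raw_counts])
    hz_per_bin = FS_HZ / len(raw_counts)
    first = max(0, math.ceil(min_hz / hz_per_bin) - 1)  # spec[0] is bin 1
    idx = max(range(first, len(spec)), key=spec.__getitem__)
    total = sum(spec)
    return (spec[idx] / total if total else 0.0), (idx + 1) * hz_per_bin

def looks_injected(raw_counts, threshold=0.5):
    """Heuristic (assumed threshold): one narrow tone carries most of the energy."""
    share, _ = strongest_tone(raw_counts)
    return share >= threshold

def constructed_trace(tone_hz=None, seconds=1, seed=1):
    """Constructed sample data: phone at rest (1 g plus noise), optional tone."""
    rng = random.Random(seed)
    rest = 1 / G_PER_LSB  # raw counts corresponding to 1 g
    out = []
    for i in range(FS_HZ * seconds):
        c = rest + rng.gauss(0, 20)
        if tone_hz is not None:
            c += 200 * math.sin(2 * math.pi * tone_hz * i / FS_HZ)
        out.append(round(c))
    return out
```

A real deployment would tune the floor and threshold against recordings of normal use, since machinery or a vehicle engine can also produce narrow tones.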

Now, let’s dive deeper.

A) Spoofing

Spoofing attacks in the context of the smartphone sensors are carried out in two ways: Spoofing by injection and spoofing by transduction.