Projects per year
Abstract
Software-based power side-channel attacks are a significant security threat to modern computer systems, enabling adversaries to extract confidential information. Existing attacks typically exploit direct power signals from dedicated interfaces, as demonstrated in the PLATYPUS attack, or power-dependent timing variations, as in the case of the Hertzbleed attack. As access to direct power signals is meanwhile restricted on more and more platforms, an important question is whether other exploitable power-related signals exist beyond timing proxies.
In this paper, we show that Android mobile devices expose numerous power-related signals that allow power side-channel attacks. We systematically analyze unprivileged sensors provided by the Android sensor framework on multiple devices and show that these sensors expose parasitic influences of the power consumption. Our results include new insights into Android sensor leakage, particularly a novel leakage primitive: the rotation dependent power leakage of the geomagnetic rotation vector sensor. We extensively evaluate the exposed sensors for different information leakage types. We compare them with the corresponding ground truth, achieving correlations greater than 0.9 for some of our tested sensors. In extreme cases, we observe not only statistical results but also, e.g., changes in a compass app’s needle by approximately 30° due to CPU stress. Additionally, we evaluate the capabilities of our identified leakage primitives in two case studies: As a remote attacker via the Google Chrome web browser and as a local attacker running inside an installed app. In particular, we present an end-to-end pixel-stealing attack on different Android devices that effectively circumvents the browser’s cross-origin isolation with a leakage rate of 5 - 10 s per pixel. Lastly, we demonstrate a proof-of-concept AES attack, leaking individual key bytes using our newly discovered leakage primitive.
In this paper, we show that Android mobile devices expose numerous power-related signals that allow power side-channel attacks. We systematically analyze unprivileged sensors provided by the Android sensor framework on multiple devices and show that these sensors expose parasitic influences of the power consumption. Our results include new insights into Android sensor leakage, particularly a novel leakage primitive: the rotation dependent power leakage of the geomagnetic rotation vector sensor. We extensively evaluate the exposed sensors for different information leakage types. We compare them with the corresponding ground truth, achieving correlations greater than 0.9 for some of our tested sensors. In extreme cases, we observe not only statistical results but also, e.g., changes in a compass app’s needle by approximately 30° due to CPU stress. Additionally, we evaluate the capabilities of our identified leakage primitives in two case studies: As a remote attacker via the Google Chrome web browser and as a local attacker running inside an installed app. In particular, we present an end-to-end pixel-stealing attack on different Android devices that effectively circumvents the browser’s cross-origin isolation with a leakage rate of 5 - 10 s per pixel. Lastly, we demonstrate a proof-of-concept AES attack, leaking individual key bytes using our newly discovered leakage primitive.
Original language | English |
---|---|
Title of host publication | Network and Distributed System Security Symposium (NDSS) 2025 |
DOIs | |
Publication status | Accepted/In press - 2025 |
Event | Network and Distributed System Security Symposium 2025: NDSS 2025 - San Diego, United States Duration: 23 Feb 2025 → 28 Feb 2025 https://www.ndss-symposium.org/ndss2025/ |
Conference
Conference | Network and Distributed System Security Symposium 2025 |
---|---|
Abbreviated title | NDSS 2025 |
Country/Territory | United States |
City | San Diego |
Period | 23/02/25 → 28/02/25 |
Internet address |
Fingerprint
Dive into the research topics of 'Power-Related Side-Channel Attacks using the Android Sensor Framework'. Together they form a unique fingerprint.Projects
- 2 Active
-
EU - FSSec - Foundations for Sustainable Security
Gruss, D. (Co-Investigator (CoI))
1/03/23 → 29/02/28
Project: Research project
-
SEIZE - Secure Edge Devices For Industrial Zero-Trust Environments
Mangard, S. (Co-Investigator (CoI))
1/01/22 → 31/12/24
Project: Research project