Fingerprinting Smart Devices Through Embedded Acoustic Components

The widespread use of smart devices gives rise to both security and privacy concerns. Fingerprinting smart devices can assist in authenticating physical devices, but it can also jeopardize privacy by allowing remote identification without user awareness. We propose a novel fingerprinting approach that uses the microphones and speakers of smart phones to uniquely identify an individual device. During fabrication, subtle imperfections arise in device microphones and speakers which induce anomalies in produced and received sounds. We exploit this observation to fingerprint smart devices through playback and recording of audio samples. We use audio-metric tools to analyze and explore different acoustic features and analyze their ability to successfully fingerprint smart devices. Our experiments show that it is even possible to fingerprint devices that have the same vendor and model; we were able to accurately distinguish over 93% of all recorded audio clips from 15 different units of the same model. Our study identifies the prominent acoustic features capable of fingerprinting devices with high success rate and examines the effect of background noise and other variables on fingerprinting accuracy

Fatal attraction: identifying mobile devices through electromagnetic emissions

Smartphones are increasingly augmented with sensors for a variety of purposes. In this paper, we show how magnetic field emissions can be used to fingerprint smartphones. Previous work on identification rely on specific characteristics that vary with the settings and components available on a device. This limits the number of devices on which one approach is effective. By contrast, all electronic devices emit a magnetic field which is accessible either through the API or measured through an external device. We conducted an in-the-wild study over four months and collected mobile sensor data from 175 devices. In our experiments we observed that the electromagnetic field measured by the magnetometer identifies devices with an accuracy of 98.9%. Furthermore, we show that even if the sensor was removed from the device or access to it was discontinued, identification would still be possible from a secondary device in close proximity to the target. Our findings suggest that the magnetic field emitted by smartphones is unique and fingerprinting devices based on this feature can be performed without the knowledge or cooperation of users

DolphinAtack: Inaudible Voice Commands

Speech recognition (SR) systems such as Siri or Google Now have become an increasingly popular human-computer interaction method, and have turned various systems into voice controllable systems(VCS). Prior work on attacking VCS shows that the hidden voice commands that are incomprehensible to people can control the systems. Hidden voice commands, though hidden, are nonetheless audible. In this work, we design a completely inaudible attack, DolphinAttack, that modulates voice commands on ultrasonic carriers (e.g., f > 20 kHz) to achieve inaudibility. By leveraging the nonlinearity of the microphone circuits, the modulated low frequency audio commands can be successfully demodulated, recovered, and more importantly interpreted by the speech recognition systems. We validate DolphinAttack on popular speech recognition systems, including Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa. By injecting a sequence of inaudible voice commands, we show a few proof-of-concept attacks, which include activating Siri to initiate a FaceTime call on iPhone, activating Google Now to switch the phone to the airplane mode, and even manipulating the navigation system in an Audi automobile. We propose hardware and software defense solutions. We validate that it is feasible to detect DolphinAttack by classifying the audios using supported vector machine (SVM), and suggest to re-design voice controllable systems to be resilient to inaudible voice command attacks.Comment: 15 pages, 17 figure

On the security of consumer wearable devices in the Internet of Things

Miniaturization of computer hardware and the demand for network capable devices has resulted in the emergence of a new class of technology called wearable computing. Wearable devices have many purposes like lifestyle support, health monitoring, fitness monitoring, entertainment, industrial uses, and gaming. Wearable devices are hurriedly being marketed in an attempt to capture an emerging market. Owing to this, some devices do not adequately address the need for security. To enable virtualization and connectivity wearable devices sense and transmit data, therefore it is essential that the device, its data and the user are protected. In this paper the use of novel Integrated Circuit Metric (ICMetric) technology for the provision of security in wearable devices has been suggested. ICMetric technology uses the features of a device to generate an identification which is then used for the provision of cryptographic services. This paper explores how a device ICMetric can be generated by using the accelerometer and gyroscope sensor. Since wearable devices often operate in a group setting the work also focuses on generating a group identification which is then used to deliver services like authentication, confidentiality, secure admission and symmetric key generation. Experiment and simulation results prove that the scheme offers high levels of security without compromising on resource demands

Understanding and mitigating the privacy risks of smartphone sensor fingerprinting

The widespread use of smartphones in our everyday life gives rise to privacy concerns. Fingerprinting smartphones can jeopardize user privacy by enabling remote identification of users without users' awareness. In this dissertation we study the feasibility of using on-board sensors such as microphones, accelerometers and gyroscopes to fingerprint smartphones. During fabrication, subtle imperfections arise in device sensors which induce distinctive anomalies in the generated signal. Using machine learning techniques we can distinguish smartphones generating such distinctive anomalies. We first look at fingerprinting smartphones through on-board microphones and speakers. We explore different acoustic features and analyze their ability to successfully fingerprint smartphones. Our study identifies the prominent acoustic features capable of fingerprinting smartphones with a high success rate, and also examines the impact of background noise and other variables on fingerprinting accuracy. Next, we surreptitiously fingerprint smartphones using the imperfections of motion sensors (i.e., accelerometers and gyroscopes) embedded in modern smartphones, through a web page. We analyze how well motion sensor fingerprinting works under real-world constraints by collecting data from a large number of smartphones under both lab and public environments. Our study demonstrates that motion sensor fingerprinting is effective even with 500 users. We also develop a model to estimate prediction accuracy for larger user populations; our model provides a conservative estimate of at least 10% classification accuracy with 100000 users, which suggests that motion sensor fingerprinting can be effective when combined with even a weak browser fingerprint. We then investigate the use of motion sensors on the web and find, distressingly, that many sites send motion sensor data to servers for storage and analysis, paving the way for potential fingerprinting. Finally, we consider the problem of developing countermeasures for motion sensor fingerprinting; we propose several practical countermeasures and evaluate their usability through a large-scale user study. We find that countermeasures such as data obfuscation and sensor quantization are really promising in the sense that they not only drastically reduce fingerprinting accuracy but also remain benign to applications using motion sensors

Smartphone-based food diagnostic technologies: A review

A new generation of mobile sensing approaches offers significant advantages over traditional platforms in terms of test speed, control, low cost, ease-of-operation, and data management, and requires minimal equipment and user involvement. The marriage of novel sensing technologies with cellphones enables the development of powerful lab-on-smartphone platforms for many important applications including medical diagnosis, environmental monitoring, and food safety analysis. This paper reviews the recent advancements and developments in the field of smartphone-based food diagnostic technologies, with an emphasis on custom modules to enhance smartphone sensing capabilities. These devices typically comprise multiple components such as detectors, sample processors, disposable chips, batteries and software, which are integrated with a commercial smartphone. One of the most important aspects of developing these systems is the integration of these components onto a compact and lightweight platform that requires minimal power. To date, researchers have demonstrated several promising approaches employing various sensing techniques and device configurations. We aim to provide a systematic classification according to the detection strategy, providing a critical discussion of strengths and weaknesses. We have also extended the analysis to the food scanning devices that are increasingly populating the Internet of Things (IoT) market, demonstrating how this field is indeed promising, as the research outputs are quickly capitalized on new start-up companies