MAGNETO: Fingerprinting USB Flash Drives via Unintentional Magnetic Emissions

Universal Serial Bus (USB) Flash Drives are nowadays one of the most convenient and diffused means to transfer files, especially when no Internet connection is available. However, USB flash drives are also one of the most common attack vectors used to gain unauthorized access to host devices. For instance, it is possible to replace a USB drive so that when the USB key is connected, it would install passwords stealing tools, root-kit software, and other disrupting malware. In such a way, an attacker can steal sensitive information via the USB-connected devices, as well as inject any kind of malicious software into the host. To thwart the above-cited raising threats, we propose MAGNETO, an efficient, non-interactive, and privacy-preserving framework to verify the authenticity of a USB flash drive, rooted in the analysis of its unintentional magnetic emissions. We show that the magnetic emissions radiated during boot operations on a specific host are unique for each device, and sufficient to uniquely fingerprint both the brand and the model of the USB flash drive, or the specific USB device, depending on the used equipment. Our investigation on 59 different USB flash drives---belonging to 17 brands, including the top brands purchased on Amazon in mid-2019---, reveals a minimum classification accuracy of 98.2% in the identification of both brand and model, accompanied by a negligible time and computational overhead. MAGNETO can also identify the specific USB Flash drive, with a minimum classification accuracy of 91.2%. Overall, MAGNETO proves that unintentional magnetic emissions can be considered as a viable and reliable means to fingerprint read-only USB flash drives. Finally, future research directions in this domain are also discussed.Comment: Accepted for publication in ACM Transactions on Embedded Computing Systems (TECS) in September 202

First Responder Assistance Tool for Mobile Device Forensics

The growing importance of mobile telephones, especially so called smartphones , the problem of identifying these phones has become a real issue. There is a prevalence of these devices being used by criminals, foreign agents and terrorists. The need to be able to quickly identify these phones and determine what forensics tools maybe compatible with the device. The issue of imitation phones and the potential of hidden operating systems have further muddied the forensics waters. Having a starting point from which to perform this analysis is important first step. The purpose of this research is to provide that starting point. By analyzing basic aspects of the phone and viewing the compatibility with other forensics tools it will give the investigator ideas as to what they can reasonably expect to gain from analyzing the phone. Additionally this software attempts to gather information about the software with the intention of detecting hidden partitions and secondary operating systems

On Inferring Browsing Activity on Smartphones via USB Power Analysis Side-Channel

In this paper, we show that public USB charging stations pose a significant privacy risk to smartphone users even when no data communication is possible between the station and the user\u27s mobile device. We present a side-channel attack that allows a charging station to identify which Webpages are loaded while the smartphone is charging. To evaluate this side-channel, we collected power traces of Alexa top 50 Websites on multiple smartphones under several conditions, including battery charging level, browser cache enabled/disabled, taps on the screen, Wi-Fi/LTE, TLS encryption enabled/disabled, time elapsed between collection of training and testing data, and location of the Website. The results of our evaluation show that the attack is highly successful: in many settings, we were able to achieve over 90% Webpage identification accuracy. On the other hand, our experiments also show that this side-channel is sensitive to some of the aforementioned conditions. For instance, when training and testing traces were collected 70 days apart, accuracies were as low as 2.2%. Although there are studies that show that power-based side-channels can predict browsing activity on laptops, this paper is unique, because it is the first to study this side-channel on smartphones, under smartphone-specific constraints. Further, we demonstrate that Websites can be correctly identified within a short time span of 2 x 6 seconds, which is in contrast with prior work, which uses 15-s traces. This is important, because users typically spend less than 15 s on a Webpage

IoT device fingerprinting with sequence-based features

Exponential growth of Internet of Things complicates the network management in terms of security and device troubleshooting due to the heterogeneity of IoT devices. In the absence of a proper device identification mechanism, network administrators are unable to limit unauthorized accesses, locate vulnerable/rogue devices or assess the security policies applicable to these devices. Hence identifying the devices connected to the network is essential as it provides important insights about the devices that enable proper application of security measures and improve the efficiency of device troubleshooting. Despite the fact that active device fingerprinting reveals in depth information about devices, passive device fingerprinting has gained focus as a consequence of the lack of cooperation of devices in active fingerprinting. We propose a passive, feature based device identification technique that extracts features from a sequence of packets during the initial startup of a device and then uses machine learning for classification. Proposed system improves the average device prediction F1-score up to 0.912 which is a 14% increase compared with the state-of-the-art technique. In addition, We have analyzed the impact of confidence threshold on device prediction accuracy when a previously unknown device is detected by the classifier. As future work we suggest a feature-based approach to detect anomalies in devices by comparing long-term device behaviors