Evaluating the Impact of Juice Filming Charging Attack in Practical Environments

  • Weizhi Meng
  • Wang Hao Lee
  • Zhe Liu
  • Chunhua Su
  • Yan Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10779)

Abstract

Nowadays, smartphones are widely adopted in people’s daily lives. With their increasing capability, phone charging has become a basic requirement, and a large number of public charging facilities are under construction for this purpose. However, public charging stations may open a hole for cyber-criminals to launch various attacks, especially charging attacks, to steal phone users’ private information. The juice filming charging (JFC) attack is one such threat: it can infer users’ sensitive information from both Android OS and iOS devices by automatically monitoring and recording the phone screen during the whole charging period. Due to the potential damage of JFC attacks, there is a need to investigate their influence in practical scenarios. Motivated by this, in this work we first conduct a large user survey with over 2500 participants about their awareness of and attitude towards charging attacks. We then, for the first time, investigate the impact of the JFC attack under three practical scenarios. Our work aims to complement the state of the art and stimulate more research in this area.

Keywords

Smartphone privacy; Android and iOS; Video recording; Charging station; Juice filming charging attack; Practical evaluation

Notes

Acknowledgment

We would like to thank all participants for their efforts made in the survey and the collaborating organizations for assisting the real deployment and evaluation.

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Weizhi Meng (1)
  • Wang Hao Lee (2)
  • Zhe Liu (3)
  • Chunhua Su (4)
  • Yan Li (5)

  1. Department of Applied Mathematics and Computer Science, Technical University of Denmark, Kongens Lyngby, Denmark
  2. Infocomm Security Department, Institute for Infocomm Research, Singapore, Singapore
  3. APSIA, Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg, Luxembourg
  4. Division of Computer Science, University of Aizu, Aizuwakamatsu, Japan
  5. Advanced Digital Sciences Center, Singapore, Singapore
