Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks

Weizhi Meng, Fei Fei, Wenjuan Li, Man Ho Au

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

The increasingly high demand for smartphone charging in people’s daily lives has apparently encouraged much more public charging stations to be deployed in various places (e.g., shopping malls, airports). However, these public charging facilities may open a hole for cyber-criminals to infer private information and data from smartphone users. Juice filming charging (JFC) attack is a particular type of charging attacks, which is capable of stealing users’ sensitive information from both Android OS and iOS devices, through automatically monitoring and recording phone screen during the whole charging period. The rationale is that phone screen can be leaked through a standard micro USB connector, which adopts the Mobile High-Definition Link (MHL) standard. In practice, we identify that how to efficiently extract information from the captured videos remains a challenge for current JFC attack. To further investigate its practical influence, in this work, we focus on enhancing its performance in the aspects of extracting texts from images and correlating information, and then conducting a user study in a practical scenario. The obtained results demonstrate that our enhanced JFC attack can outperform the original one in collecting users’ information at large and extracting sensitive data with a higher accuracy. Our work aims to complement existing results and stimulate more efforts in defending smartphones against charging threats.
Original languageEnglish
Title of host publicationInformation Security
Number of pages18
Volume10599
PublisherSpringer
Publication date2017
Pages291-308
ISBN (Print)978-3-319-69658-4
ISBN (Electronic)978-3-319-69659-1
DOIs
Publication statusPublished - 2017
Event20th International conference on information security - Ho Chi Minh City, Viet Nam
Duration: 22 Nov 201724 Nov 2017

Conference

Conference20th International conference on information security
CountryViet Nam
CityHo Chi Minh City
Period22/11/201724/11/2017
SeriesLecture Notes in Computer Science
Volume10599
ISSN0302-9743

Keywords

  • Mobile privacy and security
  • Android and iOS
  • Charging threat
  • OCR technology
  • Juice filming charging attack

Cite this

Meng, W., Fei, F., Li, W., & Au, M. H. (2017). Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks. In Information Security (Vol. 10599, pp. 291-308). Springer. Lecture Notes in Computer Science, Vol.. 10599 https://doi.org/10.1007/978-3-319-69659-1_16
Meng, Weizhi ; Fei, Fei ; Li, Wenjuan ; Au, Man Ho. / Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks. Information Security. Vol. 10599 Springer, 2017. pp. 291-308 (Lecture Notes in Computer Science, Vol. 10599).
@inproceedings{8e7bb07c40d641a88bff1cae006922ea,
title = "Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks",
abstract = "The increasingly high demand for smartphone charging in people’s daily lives has apparently encouraged much more public charging stations to be deployed in various places (e.g., shopping malls, airports). However, these public charging facilities may open a hole for cyber-criminals to infer private information and data from smartphone users. Juice filming charging (JFC) attack is a particular type of charging attacks, which is capable of stealing users’ sensitive information from both Android OS and iOS devices, through automatically monitoring and recording phone screen during the whole charging period. The rationale is that phone screen can be leaked through a standard micro USB connector, which adopts the Mobile High-Definition Link (MHL) standard. In practice, we identify that how to efficiently extract information from the captured videos remains a challenge for current JFC attack. To further investigate its practical influence, in this work, we focus on enhancing its performance in the aspects of extracting texts from images and correlating information, and then conducting a user study in a practical scenario. The obtained results demonstrate that our enhanced JFC attack can outperform the original one in collecting users’ information at large and extracting sensitive data with a higher accuracy. Our work aims to complement existing results and stimulate more efforts in defending smartphones against charging threats.",
keywords = "Mobile privacy and security, Android and iOS, Charging threat, OCR technology, Juice filming charging attack",
author = "Weizhi Meng and Fei Fei and Wenjuan Li and Au, {Man Ho}",
year = "2017",
doi = "10.1007/978-3-319-69659-1_16",
language = "English",
isbn = "978-3-319-69658-4",
volume = "10599",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "291--308",
booktitle = "Information Security",

}

Meng, W, Fei, F, Li, W & Au, MH 2017, Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks. in Information Security. vol. 10599, Springer, Lecture Notes in Computer Science, vol. 10599, pp. 291-308, 20th International conference on information security, Ho Chi Minh City, Viet Nam, 22/11/2017. https://doi.org/10.1007/978-3-319-69659-1_16

Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks. / Meng, Weizhi; Fei, Fei; Li, Wenjuan; Au, Man Ho.

Information Security. Vol. 10599 Springer, 2017. p. 291-308 (Lecture Notes in Computer Science, Vol. 10599).

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

TY - GEN

T1 - Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks

AU - Meng, Weizhi

AU - Fei, Fei

AU - Li, Wenjuan

AU - Au, Man Ho

PY - 2017

Y1 - 2017

N2 - The increasingly high demand for smartphone charging in people’s daily lives has apparently encouraged much more public charging stations to be deployed in various places (e.g., shopping malls, airports). However, these public charging facilities may open a hole for cyber-criminals to infer private information and data from smartphone users. Juice filming charging (JFC) attack is a particular type of charging attacks, which is capable of stealing users’ sensitive information from both Android OS and iOS devices, through automatically monitoring and recording phone screen during the whole charging period. The rationale is that phone screen can be leaked through a standard micro USB connector, which adopts the Mobile High-Definition Link (MHL) standard. In practice, we identify that how to efficiently extract information from the captured videos remains a challenge for current JFC attack. To further investigate its practical influence, in this work, we focus on enhancing its performance in the aspects of extracting texts from images and correlating information, and then conducting a user study in a practical scenario. The obtained results demonstrate that our enhanced JFC attack can outperform the original one in collecting users’ information at large and extracting sensitive data with a higher accuracy. Our work aims to complement existing results and stimulate more efforts in defending smartphones against charging threats.

AB - The increasingly high demand for smartphone charging in people’s daily lives has apparently encouraged much more public charging stations to be deployed in various places (e.g., shopping malls, airports). However, these public charging facilities may open a hole for cyber-criminals to infer private information and data from smartphone users. Juice filming charging (JFC) attack is a particular type of charging attacks, which is capable of stealing users’ sensitive information from both Android OS and iOS devices, through automatically monitoring and recording phone screen during the whole charging period. The rationale is that phone screen can be leaked through a standard micro USB connector, which adopts the Mobile High-Definition Link (MHL) standard. In practice, we identify that how to efficiently extract information from the captured videos remains a challenge for current JFC attack. To further investigate its practical influence, in this work, we focus on enhancing its performance in the aspects of extracting texts from images and correlating information, and then conducting a user study in a practical scenario. The obtained results demonstrate that our enhanced JFC attack can outperform the original one in collecting users’ information at large and extracting sensitive data with a higher accuracy. Our work aims to complement existing results and stimulate more efforts in defending smartphones against charging threats.

KW - Mobile privacy and security

KW - Android and iOS

KW - Charging threat

KW - OCR technology

KW - Juice filming charging attack

U2 - 10.1007/978-3-319-69659-1_16

DO - 10.1007/978-3-319-69659-1_16

M3 - Article in proceedings

SN - 978-3-319-69658-4

VL - 10599

T3 - Lecture Notes in Computer Science

SP - 291

EP - 308

BT - Information Security

PB - Springer

ER -

Meng W, Fei F, Li W, Au MH. Harvesting Smartphone Privacy Through Enhanced Juice Filming Charging Attacks. In Information Security. Vol. 10599. Springer. 2017. p. 291-308. (Lecture Notes in Computer Science, Vol. 10599). https://doi.org/10.1007/978-3-319-69659-1_16