• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议> >No Free Charge Theorem: A Covert Channel via USB Charging Cable on Mobile Devices
【24h】

No Free Charge Theorem: A Covert Channel via USB Charging Cable on Mobile Devices

机译:无免费定理:移动设备上通过USB充电电缆的隐蔽通道

获取原文
获取原文并翻译 | 示例
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

More and more people are regularly using mobile and battery-powered handsets, such as smartphones and tablets. At the same time, thanks to the technological innovation and to the high user demand, those devices are integrating extensive battery-draining functionalities, which results in a surge of energy consumption of these devices. This scenario leads many people to often look for opportunities to charge their devices at public charging stations: the presence of such stations is already prominent around public areas such as hotels, shopping malls, airports, gyms and museums, and is expected to significantly grow in the future. While most of the times the power comes for free, there is no guarantee that the charging station is not maliciously controlled by an adversary, with the intention to exfiltrate data from the devices that are connected to it. In this paper, we -illustrate for the first time how an adversary could leverage a maliciously controlled charging station to exfiltrate data from the smartphone via a USB charging cable (i.e., without using the data transfer functionality), controlling a simple app running on the device- and without requiring any permission to be granted by the user to send data out of the device. We show the feasibility of the proposed attack through a prototype implementation in Android, which is able to send out potentially sensitive information, such as IMEI and contacts' phone number.
机译:越来越多的人定期使用移动和电池供电的手机,例如智能手机和平板电脑。同时,由于技术创新和用户的高需求,这些设备集成了广泛的电池消耗功能,这导致这些设备的能耗激增。这种情况导致许多人经常寻找在公共充电站为设备充电的机会:此类充电站的存在在酒店,购物中心,机场,体育馆和博物馆等公共场所附近已经很明显,并且预计在2000年将大大增加。未来。尽管大多数情况下是免费提供电源的,但不能保证充电站不会受到对手的恶意控制,目的是从与其连接的设备中窃取数据。在本文中,我们首次说明了对手如何利用恶意控制的充电站通过USB充电电缆(即,不使用数据传输功能)从智能手机中窃取数据,从而控制了运行在设备-且无需用户授予任何许可以将数据发送出设备。我们通过Android中的原型实现展示了提议的攻击的可行性,该原型能够发送潜在的敏感信息,例如IMEI和联系人的电话号码。

著录项

  • 来源
    《》|2017年|83-102|共20页
  • 会议地点 Kanaxzawa(JP)
  • 作者

    Riccardo Spolaor; Laila Abudahi; Veelasha Moonsamy; Mauro Conti; Radha Poovendran;

  • 作者单位

    University of Padua, Padua, Italy;

    University of Washington, Seattle, USA;

    Radboud University, Nijmegen, The Netherlands;

    University of Padua, Padua, Italy;

    University of Washington, Seattle, USA;

  • 会议组织
  • 原文格式 PDF
  • 正文语种 eng
  • 中图分类
  • 关键词

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号