The recent popularization of mobile devices equipped with high-performance sensors has given rise to the fast development of mobile sensing technology. Mobile sensing applications, such as gesture recognition, vital sign monitoring, localization, and identification analyze the signals generated by human activities and environment changes, and thus get a better understanding of the environment and human behaviors. While benefiting people’s lives, the growing capability of Mobile Sensing would also spawn new threats to security and privacy. On one hand, while the commercialization of new mobile devices enlarges the design space, it is challenging to design effective mobile sensing systems, which use fewer or cheaper sensors and achieve better performance or more functionalities. On the other hand, attackers can utilize the sensing strategies to track victims’ activities and cause privacy leakages. Mobile sensing attacks usually use side channels and target the information hidden in non-textual data. I present the Mobile Sensing Application-Attack (MSAA) framework, a general model showing the structures of mobile sensing applications and attacks, and how the two faces — the benefits and threats — are connected. MSAA reflects our principles of designing effective mobile sensing systems and exploring information leakages. Our experiment results show that our applications can achieve satisfactory performance, and also confirm the threats of privacy leakage if they are maliciously used, which reveals the two faces of mobile sensing.
When filling out privacy-related forms in public places such as hospitals or clinics, people usually are not aware that the sound of their handwriting can leak personal information. In this paper, we explore the possibility of eavesdropping on handwriting via nearby mobile devices based on audio signal processing and machine learning. By presenting a proof-of-concept system, WritingHacker, we show the usage of mobile devices to collect the sound of victims’ handwriting, and to extract handwriting-specific features for machine learning based analysis. An attacker can keep a mobile device, such as a common smartphone, touching the desk used by the victim to record the audio signals of handwriting. Then, the system can provide a word-level estimate for the content of the handwriting. Moreover, if the relative position between the device and the handwriting is known, a hand motion tracking method can be further applied to enhance the system’s performance. Our prototype system’s experimental results show that the accuracy of word recognition reaches around 70 – 80 percent under certain conditions, which reveals the danger of privacy leakage through the sound of handwriting.
July 2020: Tuo Yu, Haiming Jin, and Klara Nahrstedt. Mobile devices based eavesdropping of handwriting. IEEE Transactions on Mobile Computing 19(7), pages 1649–1663, July 2020. IEEE. DOI: 10.1109/TMC.2019.2912747
May 2020: Chen Yan, Hocheol Shin, Connor Bolton, Wenyuan Xu, Yongdae Kim, and Kevin Fu. SoK: A Minimalist Approach to Formalizing Analog Sensor Security. pages 233–248, May 2020. IEEE. DOI: 10.1109/sp40000.2020.00026
Over the last six years, several papers demonstrated how intentional analog interference based on acoustics, RF, lasers, and other physical modalities could induce faults, influence, or even control the output of sensors. Damage to the availability and integrity of sensor output carries significant risks to safety-critical systems that make automated decisions based on trusted sensor measurement. This IEEE S&P conference ‘Systematization of Knowledge’ paper provides a framework for assessing the security of analog sensors without sensor engineers needing to learn significantly new notation. The primary goals of the systematization are (1) to enable more meaningful quantification of risk for the design and evaluation of past and future sensors, (2) to better predict new attack vectors, and (3) to establish defensive design patterns that make sensors more resistant to analog attacks.
A new THaW paper was published at USENIX Security last week. It describes using a laser at a distance of 110 meters to stimulate audio sensors on smart speakers and thereby insert audio commands that are accepted as coming from a legitimate user. Techniques for dealing with this vulnerability are proposed.
Takeshi Sugawara, Benjamin Cyr, Sara Rampazzi, Daniel Genkin, and Kevin Fu. Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems. In Proceedings of the USENIX Security Symposium (USENIX Security), pages 2631–2648, August 2020. USENIX Association.
Early THaW research on contact tracing is finding new relevance as groups across the US and around the world scramble to develop privacy-preserving contact-tracing apps. Notable app efforts include DP-3T, PEPP-PT, and SafePaths. All of those efforts focus on privacy-preserving apps for retrospective notification of persons who may have had “contact” with a person later determined to be ill with an infectious disease, where “contact” occurs when spending time in close proximity to the infected person. THaW student Aarathi Prasad went further, devising a system that could also detect “close encounters”, e.g., for those who may have visited a place soon after the infected person left. Some diseases, including perhaps the coronavirus, can linger in the air or on surfaces for hours.
The lead author on THaW’s work, Aarathi Prasad, is now a professor at Skidmore College, which just posted an extended story about her work. Her work was originally published in the paper below.
Abstract: Location-based sharing services allow people to connect with others who are near them, or with whom they shared a past encounter. Suppose it were also possible to connect with people who were at the same location but at a different time – we define this scenario as a close encounter, i.e., an incident of spatial and temporal proximity. By detecting close encounters, a person infected with a contagious disease could alert others to whom they may have spread the virus. We designed a smartphone-based system that allows people infected with a contagious virus to send alerts to other users who may have been exposed to the same virus due to a close encounter. We address three challenges: finding devices in close encounters with minimal changes to existing infrastructure, ensuring authenticity of alerts, and protecting privacy of all users. Finally, we also consider the challenges of a real-world deployment.
The THaW team is pleased to announce two new patents derived from THaW research, bringing the project total to five patents and one pending. For the complete list, visit our Tech Transfer page. The two new patents are described below.
March 2020: Xiaohui Liang, Tianlong Yun, Ron Peterson, and David Kotz. Secure System For Coupling Wearable Devices To Computerized Devices with Displays, March 2020. USPTO; U.S. Patent 10,581,606; USPTO. Download from https://patents.google.com/patent/US20170279612A1/en — Priority date 2014-08-18, Grant date 2020-03-03. Patent describes a system enabling information from mobile health sensors (eg Fitbit) to be displayed onto nearby screens without being affected by local security threats. The scheme uses visible light sensor on the mobile device. See papers liang:lighttouch and liang:jlighttouch.
February 2020: Timothy J. Pierson, Xiaohui Liang, Ronald Peterson, and David Kotz. Apparatus for Securely Configuring A Target Device and Associated Methods, February 2020. U.S. Patent 10,574,298; USPTO. Download from https://patents.google.com/patent/US20180191403A1/en — This is a patent. Priority date 2015-06-23, Grant date 2020-02-25. Patent based on “Wanda” device, described in other publications. Device implements a scheme for single antenna wi-fi device to determine its proximity to another wi-fi device with which it is communicating, in order to assure it is not unwittingly communicating with a distant adversary device rather than a nearby device. See paper pierson:wanda.
THaW professor Eric Johnson was recently interviewed on the DataBreach Today podcast. “How do hospitals’ efforts to bolster information security in the aftermath of data breaches potentially affect patient outcomes? Professor Eric Johnson of Vanderbilt University discusses recent research that shows a worrisome relationship between breach remediation and the delivery of timely patient care.”
Sung J. Choi, M. Eric Johnson, and Christoph U. Lehmann. Data breach remediation efforts and their implications for hospital quality. Health Services Research 54(5), pages 971–980, September 2019. John Wiley & Sons. DOI: 10.1111/1475-6773.13203
ACM SIGMOBILE has posted a video of our presentation of the THaW paper Proximity detection with single-antenna IoT devices at MobiCom’19. Abstract below the video.
Timothy J. Pierson, Travis Peters, Ronald Peterson, and David Kotz. Proximity Detection with Single-Antenna IoT Devices. In Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom), Article #21, October 2019. ACM Press. DOI 10.1145/3300061.3300120.
Abstract: Providing secure communications between wireless devices that encounter each other on an ad-hoc basis is a challenge that has not yet been fully addressed. In these cases, close physical proximity among devices that have never shared a secret key is sometimes used as a basis of trust; devices in close proximity are deemed trustworthy while more distant devices are viewed as potential adversaries. Because radio waves are invisible, however, a user may believe a wireless device is communicating with a nearby device when in fact the user’s device is communicating with a distant adversary. Researchers have previously proposed methods for multi-antenna devices to ascertain physical proximity with other devices, but devices with a single antenna, such as those commonly used in the Internet of Things, cannot take advantage of these techniques.
We present theoretical and practical evaluation of a method called SNAP – SiNgle Antenna Proximity – that allows a single-antenna Wi-Fi device to quickly determine proximity with another Wi-Fi device. Our proximity detection technique leverages the repeating nature Wi-Fi’s preamble and the behavior of a signal in a transmitting antenna’s near-field region to detect proximity with high probability; SNAP never falsely declares proximity at ranges longer than 14 cm.
Recent THaW research has demonstrated that temperature control systems, particularly in sensitive devices like infant incubators or industrial thermal chambers, can be affected by (and thus manipulated by) electromagnetic waves. The team included Prof. Kevin Fu and Research Investigator Sara Rampazzi from THaW, and Prof. Xiali Hei and PhD student Yazhou Tu from the University of Louisiana at Lafayette.
The vulnerability is due to the weakness of analog sensing components. In particular, the change in the measured temperature is due to an unintended rectification effect in amplifiers induced by injecting specific electromagnetic interferences though their temperature sensors.
The researchers demonstrate how it is possible remotely manipulate the temperature sensor measurements of critical devices, such as infant incubators, thermal chambers, and 3D printers. “In infant incubators for example, changing temperature sensor measurement can raise the risk of temperature-related health issues in infants, such as hyperthermia and hypothermia, which in turn can lead in extreme cases to hypoxia, and neurological complications.” Rampazzi says.
In a recent paper describing the attack method, the authors also describe a defense against the vulnerability, proposing a prototype of an analog anomaly detector to identify unintended interferences in the affected frequency range.
The paper was presented this month at the ACM Conference on Computer and Communications Security (CCS), and is available at DOI 10.1145/3319535.3354195.
Short video demos of the effect on an infant incubator are available on YouTube.
A new THaW paper in Health Sciences Research from Choi, Johnson, and Lehmann explores the relationship between breach remediation efforts and hospital care quality. They found that hospital time‐to‐electrocardiogram increased as much as 2.7 minutes, and 30‐day acute myocardial infarction mortality increased as much as 0.36 percentage points, during the 3‐year window following a breach. They conclude that breach remediation efforts were associated with deterioration in timeliness of care and patient outcomes. Thus, breached hospitals and HHS oversight should carefully evaluate remedial security initiatives to achieve better data security without negatively affecting patient outcomes.