Go to DBLP homepageVibLeak: Towards Practical Covert Data Leakage via Phone Vibrations
Abstract: Privacy leakage is a growing concern in smartphone security. Previous studies demonstrated the feasibility and limitations of data transmission via vibration using customized devices under ideal conditions, but focused mainly on transmission speed. Through the analysis of real-world smartphone usage scenarios, we have found that there is a potential risk of private user data on Android phones being actively and covertly leaked because of the poor management of their built-in motion sensors. This paper introduces VibLeak, a novel covert-channel attack framework that intentionally leaks data through vibration. We developed a malicious app to implement this framework and conducted comprehensive experiments across various Android smartphones and environments. The results reveal that VibLeak can transmit data with remarkable accuracy and speed even under realistic conditions, employing vibration intensity that is imperceptible to most users. Our work not only uncovers this previously overlooked privacy leakage vector but also underscores the critical need for advanced security measures to address such sophisticated threats in the evolving landscape of smartphone technology.
Loading