Journal
PROCEEDINGS OF THE 2022 THE 28TH ANNUAL INTERNATIONAL CONFERENCE ON MOBILE COMPUTING AND NETWORKING, ACM MOBICOM 2022
Volume -, Issue -, Pages 338-351Publisher
ASSOC COMPUTING MACHINERY
DOI: 10.1145/3495243.3560543
Keywords
Eavesdropping; smartphone; earpiece; mmWave sensing
Funding
- National Key R&D Program of China [2020AAA0107700]
- National Natural Science Foundation of China [62032021, 61972348, 61772236, 62122066]
- Leading Innovative and Entrepreneur Team Introduction Program of Zhejiang [2018R01005]
- Research Institute of Cyberspace Governance in Zhejiang University
Ask authors/readers for more resources
This study presents a remote attack on smartphone earpieces using mmWave sensors to eavesdrop on emitted speech. Through optimizing the fitting function and denoising scheme, the attack range can be extended to 6-8m, posing a threat to 23 different models of smartphones.
Earpiece mode of smartphones is often used for confidential communication. In this paper, we proposed a remote(>2m) and motion-resilient attack on smartphone earpiece. We developed an end-to-end eavesdropping system mmEve based on a commercial mmWave sensor to recover speech emitted from smartphone earpiece. The rationale of the attack is based on our observation that, soundwaves emitted from the smartphone's earpiece have a strong correlation with reflected mmWaves from the smartphone's rear. However, we find the recovered speech suffers from the sensor's self-noise and smartphone user's motion which limit attack distance to less than 2m, causing limited threats in real world. We modeled the motion interference under mmWave sensing and proposed a motion-resilient solution by optimizing the fitting function on I/Q plane. To achieve a practical attack with reasonable attack distance, we developed a GAN-based denoising scheme to eliminate the noise pattern of the sensor, which boosted the attack range to 6-8m. We evaluated mmEve with extensive experiments and find 23 different models of smartphones manufactured by Samsung, Huawei, etc. can be compromised by the proposed attack.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available