期刊
出版社
ASSOC COMPUTING MACHINERY
DOI: 10.1145/3495243.3560543
关键词
Eavesdropping; smartphone; earpiece; mmWave sensing
资金
- National Key R&D Program of China [2020AAA0107700]
- National Natural Science Foundation of China [62032021, 61972348, 61772236, 62122066]
- Leading Innovative and Entrepreneur Team Introduction Program of Zhejiang [2018R01005]
- Research Institute of Cyberspace Governance in Zhejiang University
This study presents a remote attack on smartphone earpieces using mmWave sensors to eavesdrop on emitted speech. Through optimizing the fitting function and denoising scheme, the attack range can be extended to 6-8m, posing a threat to 23 different models of smartphones.
Earpiece mode of smartphones is often used for confidential communication. In this paper, we proposed a remote(>2m) and motion-resilient attack on smartphone earpiece. We developed an end-to-end eavesdropping system mmEve based on a commercial mmWave sensor to recover speech emitted from smartphone earpiece. The rationale of the attack is based on our observation that, soundwaves emitted from the smartphone's earpiece have a strong correlation with reflected mmWaves from the smartphone's rear. However, we find the recovered speech suffers from the sensor's self-noise and smartphone user's motion which limit attack distance to less than 2m, causing limited threats in real world. We modeled the motion interference under mmWave sensing and proposed a motion-resilient solution by optimizing the fitting function on I/Q plane. To achieve a practical attack with reasonable attack distance, we developed a GAN-based denoising scheme to eliminate the noise pattern of the sensor, which boosted the attack range to 6-8m. We evaluated mmEve with extensive experiments and find 23 different models of smartphones manufactured by Samsung, Huawei, etc. can be compromised by the proposed attack.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据