iSTELAN: Disclosing Sensitive User Information by Mobile Magnetometer from Finger Touches
Authors: Reham Mohamed (Purdue University), Habiba Farrukh (Purdue University), Yidong Lu (Purdue University), He Wang (Purdue University), Z. Berkay Celik (Purdue University)
Volume: 2023
Issue: 2
Pages: 79–96
DOI: https://doi.org/10.56553/popets-2023-0042
Abstract: We show a new type of side-channel leakage in which the built-in magnetometer sensor in Apple's mobile devices captures touch events of users. When a conductive material such as the human body touches the mobile device screen, the electric current passes through the screen capacitors generating an electromagnetic field around the touch point. This electromagnetic field leads to a sharp fluctuation in the magnetometer signals when a touch occurs, both when the mobile device is stationary and held in hand naturally. These signals can be accessed by mobile applications running in the background without requiring any permissions. We develop iSTELAN, a three-stage attack, which exploits this side-channel to infer users' application and touch data. iSTELAN translates the magnetometer signals to a binary sequence to reveal users' touch events, exploits touch event patterns to fingerprint the type of application a user is using, and models touch events to identify users' touch event types performed on different applications. We demonstrate the iSTELAN attack on 22 users while using 7 popular app types and show that it achieves an average accuracy of 90% for disclosing touch events, 74% for classifying application type used, and 73% for detecting touch event types.
Keywords: Side-channel attacks, user privacy, information leakage
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.