A Study on Power Side Channels on Mobile Devices
This work addresses security and privacy risks for mobile users by revealing practical attacks through power side channels, though it is incremental as it builds on known side channel concepts.
The study demonstrated the existence of power side channels on mobile devices, showing that unprivileged power consumption traces can be used to identify running apps, infer sensitive UIs, guess password lengths, and estimate geo-locations, posing imminent threats to security and privacy.
Power side channels are a very important category of side channels: they can be exploited to steal confidential information from a computing system by analyzing its power consumption. In this paper, we demonstrate the existence of various power side channels on popular mobile devices such as smartphones. Based on unprivileged power consumption traces, we present a list of real-world attacks that can be initiated to identify running apps, infer sensitive UIs, guess password lengths, and estimate geo-locations. These attack examples demonstrate that power consumption traces can be used as a practical side channel to obtain various confidential information about mobile apps running on smartphones. Based on these power side channels, we discuss possible exploitations and present a general approach to exploiting a power side channel on an Android smartphone, which demonstrates that power side channels pose imminent threats to the security and privacy of mobile users. We also discuss possible countermeasures to mitigate the threats of power side channels.