Mobile devices often distribute measurements from a single physical sensor to
multiple applications using software-based multiplexing. On Android devices,
the highest requested sampling frequency is returned to all applications even
if other applications request measurements at lower frequencies. In this paper,
we demonstrate that this design choice exposes practically exploitable
side-channels based on frequency-key shifting. By carefully modulating sensor
sampling frequencies in software, we show that unprivileged malicious
applications can construct reliable spectral covert channels that bypass
existing security mechanisms, e.g. Android’s permissions framework. Moreover,
we present a variant of this technique that allows an unprivileged malicious
observer app to fingerprint other device applications and user interactions at
a coarse-grained level. Both techniques do not impose any assumptions beyond
application installation and accessing standard mobile services via the Android
Sensors SDK. As such, they open a powerful attack vector that exploits subtle
yet insecure design choices in mobile sensor stacks.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

By admin