Surf-Snooping: USB crosstalk leakage attacks on wireless charging

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computers & Security Pub Date : 2025-03-13 DOI:10.1016/j.cose.2025.104412

Yue Hou , Xinyan Zhou , Huakang Xia , Jian Wang , Haiming Chen

{"title":"Surf-Snooping: USB crosstalk leakage attacks on wireless charging","authors":"Yue Hou , Xinyan Zhou , Huakang Xia , Jian Wang , Haiming Chen","doi":"10.1016/j.cose.2025.104412","DOIUrl":null,"url":null,"abstract":"<div><div>Various mobile devices such as smartphones, tablets, and computers have been increasingly incorporated with wireless charging technology. Nevertheless, this widespread adoption of wireless chargers has raised substantial concerns regarding privacy and security. The Universal Serial Bus (USB), serving as the primary power supply port, is widely acknowledged as a significant source of privacy vulnerabilities. This article introduces Surf-Snooping, a side-channel attack that is aimed at exploiting vulnerabilities in wireless charging systems. Through monitoring the voltage fluctuations of a nearby USB charging port, an attacker can eavesdrop on the detailed activities and operations that are happening during smartphone charging (e.g., PIN code and text input), even without engaging in data communication. With a trained model, Surf-Snooping exhibits a 100% accuracy on device model identification, while the activity recognition accuracy can reach up to 86.7%, 89.9%, and 81.7% for password recognition, application identification, and keystroke inference, respectively. It is noteworthy that Surf-Snooping achieves accuracies of 92.3%, 98%, and 94.5% for the three types of activity categorization when the phone is fully charged. We also validate the privacy leakage risk of Surf-Snooping with different scenarios, and our work reveals an inherent flaw in the current implementation of wireless charging systems. It provides enhanced obfuscation and stability, requires no physical interference with the charging infrastructure, and remains effective throughout the entire charging cycle.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104412"},"PeriodicalIF":4.8000,"publicationDate":"2025-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825001014","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Various mobile devices such as smartphones, tablets, and computers have been increasingly incorporated with wireless charging technology. Nevertheless, this widespread adoption of wireless chargers has raised substantial concerns regarding privacy and security. The Universal Serial Bus (USB), serving as the primary power supply port, is widely acknowledged as a significant source of privacy vulnerabilities. This article introduces Surf-Snooping, a side-channel attack that is aimed at exploiting vulnerabilities in wireless charging systems. Through monitoring the voltage fluctuations of a nearby USB charging port, an attacker can eavesdrop on the detailed activities and operations that are happening during smartphone charging (e.g., PIN code and text input), even without engaging in data communication. With a trained model, Surf-Snooping exhibits a 100% accuracy on device model identification, while the activity recognition accuracy can reach up to 86.7%, 89.9%, and 81.7% for password recognition, application identification, and keystroke inference, respectively. It is noteworthy that Surf-Snooping achieves accuracies of 92.3%, 98%, and 94.5% for the three types of activity categorization when the phone is fully charged. We also validate the privacy leakage risk of Surf-Snooping with different scenarios, and our work reveals an inherent flaw in the current implementation of wireless charging systems. It provides enhanced obfuscation and stability, requires no physical interference with the charging infrastructure, and remains effective throughout the entire charging cycle.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

求助全文

约1分钟内获得全文去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.

期刊最新文献

Penterep: Comprehensive penetration testing with adaptable interactive checklists SecRASP: Next generation web application security protection methodology and framework Editorial Board Surf-Snooping: USB crosstalk leakage attacks on wireless charging LowPTor: A lightweight method for detecting extremely low-proportion darknet traffic