Exploiting Battery-Drain Vulnerabilities in Mobile Smart Devices

Differently from attacks aimed at gaining control of the resources of a mobile device, energy-related attacks have the essential goal of significantly raising the energy demand on the victim side, without apparently affecting its activities. It is a fundamental point to highlight how such a goal can possibly be accomplished by mounting well-known canonical attacks and waiting for the system defenses to detect and stop them. In such an endeavor, defenses require additional amounts of energy which eventually render the mobile device completely useless. In the System on Chip (SoC) architecture, many components, each with a separate function, are integrated. As the total energy adsorption is the composition of the energy consumptions of individual components, each component may be the target of an energy-based attack. This work analyzes and discusses the effects and implication of new energy-based Denial of Service attacks based on the proper solicitation of hardware-layer encode/decode capabilities by using specifically crafted multi-media resources, in order to introduce an anomalous battery drain, and hence significantly shorten the overall battery lifetime in mobile smart devices. These attacks do not require physical access nor compromise of the target device, and they take advantage of new HTML5 functionalities that can be properly triggered during normal browsing activity. The more significant result is that the Digital Signal Processor (DSP) offers an exploitable attack surface to be kept into consideration early in the design process. Countermeasures include special filtering rules that prevent “irrelevant” content from reaching the DSP or, in a more far-reached perspective, the introduction of a power-draw controller on the SoC with the purpose of monitoring energy consumption and raising alerts.

[1]  Chu-Hsing Lin,et al.  Energy Analysis of Multimedia Video Streaming on Mobile Devices , 2009, ISA.

[2]  Michael S. Hsiao,et al.  Denial-of-service attacks on battery-powered mobile computers , 2004, Second IEEE Annual Conference on Pervasive Computing and Communications, 2004. Proceedings of the.

[3]  Rochit Rajsuman System-On-A-Chip: Design and Test , 2000 .

[4]  Ric D. Herbert,et al.  Reducing energy consumption in distributed computing through economic resource allocation , 2013, Int. J. Grid Util. Comput..

[5]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[6]  Huazhong Yang,et al.  Accurate temperature-dependent integrated circuit leakage power estimation is easy , 2007 .

[7]  Xiangyu Liu,et al.  Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound , 2014, CCS.

[8]  Matti Siekkinen,et al.  Smartphone Energy Consumption: Modeling and Optimization , 2014 .

[9]  Fengyuan Xu,et al.  V-edge: Fast Self-constructive Power Modeling of Smartphones Based on Battery Voltage Dynamics , 2013, NSDI.

[10]  Lei Yang,et al.  Accurate online power estimation and automatic battery behavior based power model generation for smartphones , 2010, 2010 IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[11]  Samuel P. Midkiff,et al.  Hypnos: understanding and treating sleep conflicts in smartphones , 2013, EuroSys '13.

[12]  Joseph G. Tront,et al.  Mobile Device Profiling and Intrusion Detection Using Smart Batteries , 2008, Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008).

[13]  Konstantin Mikhaylov,et al.  Energy-efficient routing in wireless sensor networks using power-source type identification , 2012, Int. J. Space Based Situated Comput..

[14]  Alessio Merlo,et al.  The energy impact of security mechanisms in modern mobile devices , 2012, Netw. Secur..

[15]  Wafaa Bou Diab,et al.  Energy efficient QoS routing and adaptive status update in WMSNs , 2016, Int. J. Space Based Situated Comput..

[16]  Simon,et al.  Resource allocation to conserve energy in distributed computing , 2011, Int. J. Grid Util. Comput..

[17]  Naehyuck Chang,et al.  Power conversion efficiency characterization and optimization for smartphones , 2012, ISLPED '12.

[18]  Francesco Palmieri,et al.  Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures , 2014, The Journal of Supercomputing.

[19]  Xiao Ma,et al.  eDoctor : Automatically Diagnosing Abnormal Battery Drain Issues on Smartphones , 2013 .

[20]  Alfredo De Santis,et al.  Multimedia-based battery drain attacks for Android devices , 2014, 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC).

[21]  KUN-LIN TSAI,et al.  Residence Energy Control System Based on Wireless Smart Socket and IoT , 2016, IEEE Access.

[22]  Boudewijn R. Haverkort,et al.  Which battery model to use? , 2008, IET Softw..

[23]  Jing Zhang,et al.  Energy-efficient and self-adaptive routing algorithm based on event-driven in wireless sensor network , 2016, Int. J. Grid Util. Comput..

[24]  Francesco Palmieri,et al.  Analyzing Local Strategies for Energy-Efficient Networking , 2011, Networking Workshops.

[25]  Fang-Yie Leu,et al.  An ECC-based secure EMR transmission system with data leakage prevention scheme , 2016, Int. J. Comput. Math..

[26]  An energy-efficient virtual machine scheduler based on CPU share-reclaiming policy , 2015, Int. J. Grid Util. Comput..

[27]  Periklis Chatzimisios,et al.  A methodology for testing battery deprivation denial of service attacks in mobile phones , 2015, 2015 International Conference on Information and Digital Technologies.