StealthyIMU: Stealing Permission-protected Private Information From Smartphone Voice Assistant Using Zero-Permission Sensors

Proceedings 2023 Network and Distributed System Security Symposium Pub Date : 1900-01-01 DOI:10.14722/ndss.2023.24077

Ke Sun, C. Xia, Songlin Xu, Xinyu Zhang

{"title":"StealthyIMU: Stealing Permission-protected Private Information From Smartphone Voice Assistant Using Zero-Permission Sensors","authors":"Ke Sun, C. Xia, Songlin Xu, Xinyu Zhang","doi":"10.14722/ndss.2023.24077","DOIUrl":null,"url":null,"abstract":"—Voice User Interfaces (VUIs) are becoming an indispensable module that enables hands-free interaction between human users and smartphones. Unfortunately, recent research revealed a side channel that allows zero-permission motion sensors to eavesdrop on the VUI voices from the co-located smartphone loudspeaker. Nonetheless, these threats are limited to leaking a small set of digits and hot words. In this paper, we propose StealthyIMU, a new threat that uses motion sensors to steal permission-protected private information from the VUIs. We develop a set of efﬁcient models to detect and extract private information, taking advantage of the deterministic structures in the VUI responses. Our experiments show that StealthyIMU can steal private information from 23 types of frequently-used voice commands to acquire contacts, search history, calendar, home address, and even GPS trace with high accuracy. We further propose effective mechanisms to defend against StealthyIMU without noticeably impacting the user experience.","PeriodicalId":199733,"journal":{"name":"Proceedings 2023 Network and Distributed System Security Symposium","volume":"205 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2023 Network and Distributed System Security Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/ndss.2023.24077","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

—Voice User Interfaces (VUIs) are becoming an indispensable module that enables hands-free interaction between human users and smartphones. Unfortunately, recent research revealed a side channel that allows zero-permission motion sensors to eavesdrop on the VUI voices from the co-located smartphone loudspeaker. Nonetheless, these threats are limited to leaking a small set of digits and hot words. In this paper, we propose StealthyIMU, a new threat that uses motion sensors to steal permission-protected private information from the VUIs. We develop a set of efﬁcient models to detect and extract private information, taking advantage of the deterministic structures in the VUI responses. Our experiments show that StealthyIMU can steal private information from 23 types of frequently-used voice commands to acquire contacts, search history, calendar, home address, and even GPS trace with high accuracy. We further propose effective mechanisms to defend against StealthyIMU without noticeably impacting the user experience.

查看原文本刊更多论文

StealthyIMU:使用零权限传感器从智能手机语音助手窃取许可保护的私人信息

——语音用户界面(voice User interface, VUIs)正在成为人类用户与智能手机之间实现免提交互的不可或缺的模块。不幸的是，最近的研究发现了一个侧面通道，允许零许可运动传感器窃听来自同一位置的智能手机扬声器的VUI声音。尽管如此，这些威胁仅限于泄露一小部分数字和热词。在本文中，我们提出了StealthyIMU，这是一种新的威胁，它使用运动传感器从用户那里窃取受许可保护的私人信息。我们开发了一套有效的模型，利用VUI响应中的确定性结构来检测和提取私有信息。我们的实验表明，StealthyIMU可以从23种常用语音命令中窃取私人信息，以高精度获取联系人，搜索历史，日历，家庭地址甚至GPS跟踪。我们进一步提出有效的机制来防御StealthyIMU，而不会明显影响用户体验。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings 2023 Network and Distributed System Security Symposium

自引率

0.00%

发文量