Richard Matovu, Abdul Serwadda, A. Bilbao, Isaac Griswold-Steiner
Defensive Charging: Mitigating Power Side-Channel Attacks on Charging Smartphones
Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy, 2020-03-16
DOI: https://doi.org/10.1145/3374664.3375732
Citations: 4
Abstract
Mobile devices are increasingly relied upon in users' daily lives. This dependence supports a growing network of mobile device charging hubs in public spaces such as airports. Unfortunately, the public nature of these hubs makes them vulnerable to tampering. By embedding illicit power meters in the charging stations, an attacker can launch power side-channel attacks aimed at inferring user activity on smartphones (e.g., web browsing or typing patterns). In this paper, we present three power side-channel attacks that can be launched by an adversary during the phone charging process. Such attacks use machine learning to identify unique patterns hidden in the measured current draw and infer information about a user's activity. To defend against these attacks, we design and rigorously evaluate two defense mechanisms: a hardware-based and a software-based solution. The defenses randomly perturb the current drawn during charging, thereby masking the unique patterns of the user's activities. Our experiments show that the two defenses force each one of the attacks to perform no better than random guessing. In practice, the user would only need to choose one of the defensive mechanisms to protect themselves against intrusions involving power draw analysis.