Surf-Snooping: USB crosstalk leakage attacks on wireless charging

Abstract

Various mobile devices such as smartphones, tablets, and computers have been increasingly incorporated with wireless charging technology. Nevertheless, this widespread adoption of wireless chargers has raised substantial concerns regarding privacy and security. The Universal Serial Bus (USB), serving as the primary power supply port, is widely acknowledged as a significant source of privacy vulnerabilities. This article introduces Surf-Snooping, a side-channel attack that is aimed at exploiting vulnerabilities in wireless charging systems. Through monitoring the voltage fluctuations of a nearby USB charging port, an attacker can eavesdrop on the detailed activities and operations that are happening during smartphone charging (e.g., PIN code and text input), even without engaging in data communication. With a trained model, Surf-Snooping exhibits a 100% accuracy on device model identification, while the activity recognition accuracy can reach up to 86.7%, 89.9%, and 81.7% for password recognition, application identification, and keystroke inference, respectively. It is noteworthy that Surf-Snooping achieves accuracies of 92.3%, 98%, and 94.5% for the three types of activity categorization when the phone is fully charged. We also validate the privacy leakage risk of Surf-Snooping with different scenarios, and our work reveals an inherent flaw in the current implementation of wireless charging systems. It provides enhanced obfuscation and stability, requires no physical interference with the charging infrastructure, and remains effective throughout the entire charging cycle.