W3C home > Mailing lists > Public > public-device-apis@w3.org > May 2016

[sensors] Malicious use of the phone's Gyroscope

From: Yossi Oren via GitHub <sysbot+gh@w3.org>
Date: Sat, 28 May 2016 21:47:01 +0000
To: public-device-apis@w3.org
Message-ID: <issues.opened-157358186-1464472020-sysbot+gh@w3.org>
Yossioren has just created a new issue for 
https://github.com/w3c/sensors:

== Malicious use of the phone's Gyroscope ==
(I originally opened this as 
https://github.com/w3c/deviceorientation/issues/30 , but it looks like
 all the cool kids are hanging out here now...)

Dear Sirs/Madams,

Our team at Ben Gurion University has discovered an attack which takes
 advantage of a mobile device's gyroscope (either directly or through 
the Javascript DeviceOrientation API) to exfiltrate data. The attack 
requires that the adversary place a simple hardware device (basically 
a high-frequency speaker) next to the device under attack.
In contrast to the "Gyrophone" attack from 2014 [1], reducing the 
sampling rate of the gyroscope does not prevent our attack.
To mitigate this attack, we think it's a good idea to limit access to 
the orientation API. One way to achieve this is to ask the user's 
permission before enabling this API. Another way is to limit access to
 web pages delivered from insecure origins, as Chrome does for the 
Location API [2].

I'd be glad to attach a draft of our technical report to this issue, 
if there's some way to (temporarily) restrict access to it. Of course 
I'll be glad to mail the report to anybody on the standards team.

Sincerely,
Yossi Oren.

[1] Yan Michalevsky, Dan Boneh and Gabi Nakibly
Gyrophone: Recognizing Speech from Gyroscope Signals
https://crypto.stanford.edu/gyrophone/
[2] Chromium Security Team, "Deprecating Powerful Features on Insecure
 Origins",
https://www.chromium.org/Home/chromium-security/deprecating-powerful-features-on-insecure-origins

Cross-references:

Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1276177
Chrome: https://bugs.chromium.org/p/chromium/issues/detail?id=615348
Safari: 641640531
IE: 33653


Please view or discuss this issue at 
https://github.com/w3c/sensors/issues/112 using your GitHub account
Received on Saturday, 28 May 2016 21:47:03 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC