| Summary: | Mobile smartphones are equipped with an increasingly large number of precise and sophisticated sensors. These sensors vastly enhance the user's GUI experience, but they also raise the risk of directly or indirectly leaking their private information. Mobile operating systems (e.g., Android and iOS) mitigate such leakages by implementing app-level sandboxing and resource permissions. These protections may suffice for traditional privacy attacks using traditional hardware, however, they fail when attacks exploit side-channels that bypass the protections. One example of such side-channels is the motion sensors (Accelerometer, Gyroscope and Magnetometer) embedded in most modern smartphones. In this dissertation, we demonstrate two attacks that exploit the motion sensors on smartphones to infer accurate private information about the users such as their typed passwords and significant locations. To protect users from the above attacks and other location / sensor side-channel attacks, we propose the design and implementation of a mitigation framework called MATRIX for the Android ecosystem.
|
|---|
