Security Risks and Opportunities of Sensors on Smartphones

Unlike mobile devices in the past, which were designed for the sole purpose of voice-based communication, today's smartphones are powerful devices that can communicate, compute, and sense. The sensing capabilities of smartphones come from a variety of sensors including the microphone, camera, GPS device, accelerometer, gyroscope, compass and so on. Inferring techniques such as position estimation and device proximity inference further enhance the sensing capabilities of smartphones.;At the same time, the popularity of smartphones leads to the explosion of third-party mobile apps. The combination of the large number of untrusted apps and the outstanding sensing capabilities expose smartphone users to a new class of attacks: Sensor Based Attacks. In this dissertation, we investigate three specific type of Sensor Based Attacks: Sensor Sniffing Attacks, Sensor Spoofing Attacks and Side Channel Attacks.;Compared to sniffing attacks on PCs, the mobile version is more menacing and harder to mitigate. After reviewing existing Sensor Sniffing Attacks, we examine the available defenses and show that any single mechanism is inadequate. We propose a general framework for in-depth defense and discuss possible approaches for each component. Another type of attacks is the spoofing attack on the inference based sensing capabilities of smartphones. In this dissertation, we discuss the security of device proximity inference with NFC and show it is vulnerable to spoofing attacks.;Finally we illustrate a previously unrecognized attack that exploits motion sensors on smartphones as a side channel to leak user's keystrokes. We develop a prototype to show such attack is possible. Then we demonstrate its practicality with a user study. Our results show that the attack is effective even though the accuracy is affected by user habits, device dimension, screen orientation, and keyboard layout.;Other than bringing risks, the sensing capabilities of smartphone can be used to improve smartphone security. We exemplify such opportunities with a secure proximity inference scheme based on the difference of the received signal strength on multiple antennas of a device.