At the 2020 Usenix conference, a paper titled “Charger-Surfing: Exploiting a Power Line Side-Channel for Smartphone Information Leakage” was published. This paper explored the exploitation of a phone’s USB charging cable to gain information about that phone’s on-screen animations. This exploitation was then implemented as a general purpose attack to obtain smartphone passcodes in real time.
Over the last two terms, we have worked to replicate a subset of the findings of these authors. We built a low-cost, portable data collection system described in the paper, then used that system to collect data about iPhone power usage over a USB cable. We then used a convolutional neural network to classify our data and predict the most-likely button being pressed during a given interval of time.
This attack is a particular example of a more general class of computer attacks known as side-channel attacks. Side-channel attacks seek to exploit variabilities in the transfer of some underlying data to gain information that might otherwise be inaccessible. In the case of charger surfing, we are attempting to infer the on-screen animations of a smartphone using variations in the amount of power being transmitted over the charging cable.
Overall, we were able to achieve ~45% accuracy in predicting what passcode button was being pressed on an iPhone 6s. Although these results were not robust enough to conclude that the attack would be feasible in general, it shows the plausibility of the authors’ results.