Glitch in Time: Exploiting Temporal Misalignment of IMU For Eavesdropping

Ahmed Najeeb,Abdul Rafay,Naveed Anwar Bhatti,Muhammad Hamad Alizai
2024-10-28
Abstract:The increasing use of voice assistants and related applications has raised significant concerns about the security of Inertial Measurement Units (IMUs) in smartphones. These devices are vulnerable to acoustic eavesdropping attacks, jeopardizing user privacy. In response, Google imposed a rate limit of 200 Hz on permission-free access to IMUs, aiming to neutralize such side-channel attacks. Our research introduces a novel exploit, STAG, which circumvents these protections. It induces a temporal misalignment between the gyroscope and accelerometer, cleverly combining their data to resample at higher rates and reviving the potential for eavesdropping attacks previously curtailed by Google's security enhancements. Compared to prior methods, STAG achieves an 83.4% reduction in word error rate, highlighting its effectiveness in exploiting IMU data under restricted access and emphasizing the persistent security risks associated with these sensors.
Cryptography and Security
What problem does this paper attempt to address?
The main problem that this paper attempts to solve is the vulnerability of acoustic eavesdropping attacks on the Inertial Measurement Unit (IMU) in smartphones under the 200 Hz sampling rate limit. Specifically: 1. **Bypassing existing security measures**: Although Google introduced a 200 Hz sampling rate limit in Android 12 to prevent zero - permission side - channel attacks, these limits are not sufficient to completely prevent sophisticated eavesdropping attacks. The paper shows that even under the 200 Hz limit, by introducing the Spatio - Temporal Alignment Grouping (STAG) technique, these protection mechanisms can still be effectively bypassed. 2. **Improving data fusion accuracy**: The paper proposes a new method, that is, by intentionally introducing a time misalignment between the gyroscope and the accelerometer, to enhance the effect of data fusion. This method can not only improve the accuracy of the data, but also increase the sampling rate from 200 Hz to 400 Hz, thus restoring the potential for eavesdropping attacks brought by the limited sampling rate. 3. **Reducing the voice recognition error rate**: Compared with existing methods, STAG achieves an 83.4% reduction in word error rate, indicating its effectiveness in using IMU data for voice recognition under the limited sampling rate. ### Core contributions of the paper - **Revealing the deficiencies of existing security measures**: Research shows that the 200 Hz sampling rate limit introduced in Android 12 and later versions is not sufficient to prevent sophisticated eavesdropping attacks, and the security standards for smartphone sensor data need to be re - evaluated. - **Introducing the time misalignment technique**: A novel method has been developed to introduce a controllable time misalignment in IMU data, thereby significantly improving the accuracy of data fusion and increasing the accelerometer data from 200 Hz to 400 Hz. - **Advanced data processing pipeline**: An innovative data processing pipeline has been introduced, combining the Light Gradient Boosting Machine (LightGBM) and interpolation techniques, which significantly improves the accuracy and efficiency of audio signal recognition at low sampling rates. ### Summary By introducing the STAG method, the paper successfully bypasses the existing 200 Hz sampling rate limit and shows how to effectively use IMU data for high - precision voice recognition under this limit. This not only reveals the security risks existing in current smartphone operating systems, but also provides an important reference for future security research. --- If you have more questions or need further assistance, please feel free to let me know!