IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
In this paper, we show that public USB charging stations pose a significant privacy risk to smartphone users even when no data communication is possible between the station and the user's mobile device. We present a side-channel attack that allows a charging station to identify which Webpages are loaded while the smartphone is charging. To evaluate this side-channel, we collected power traces of Alexa top 50 Websites on multiple smartphones under several conditions, including battery charging level, browser cache enabled/disabled, taps on the screen, Wi-Fi/LTE, TLS encryption enabled/disabled, time elapsed between collection of training and testing data, and location of the Website. The results of our evaluation show that the attack is highly successful: in many settings, we were able to achieve over 90% Webpage identification accuracy. On the other hand, our experiments also show that this side-channel is sensitive to some of the aforementioned conditions. For instance, when training and testing traces were collected 70 days apart, accuracies were as low as 2.2%. Although there are studies that show that power-based side-channels can predict browsing activity on laptops, this paper is unique, because it is the first to study this side-channel on smartphones, under smartphone-specific constraints. Further, we demonstrate that Websites can be correctly identified within a short time span of 2 x 6 seconds, which is in contrast with prior work, which uses 15-s traces. This is important, because users typically spend less than 15 s on a Webpage.
Yang, Qing; Gasti, Paolo; Zhou, Gang; Farajidavar, Aydin; and Balagani, Kiran S., On Inferring Browsing Activity on Smartphones via USB Power Analysis Side-Channel (2017). IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 12(5).