A Threat to Mobile Cyber-Physical Systems: Sensor-Based Privacy Theft Attacks on Android Smartphones

The powerful processors and variety of sensors on nowaday smartphones make them being ideal mobile cyber-physical systems. However, these advantages can also be used to launch serious sensor-based privacy theft attacks through sensors abusing. In this paper, a sensor-based voice privacy theft attack named CPVT is presented. The attack will be detected easily if not processed appropriately, since voice data usually has high data rate and special permissions are needed for voice recording and data sending. We introduce two measures in CPVT to resolve the problems, with which CPVT can be disguised as a normal Android APP and the attack process can be fully controlled by the attacker without the knowledge of the victim. Experiments are taken out to verify the effectiveness and efficiency of CPVT, and the results demonstrate that the cyber-physical privacy theft attacks can be realized effectively on mobile terminals with good concealment and low overhead. This may be a very severe threat to mobile cyber-physical systems.