Paper 2023/1078

Bypassing Android isolation with fuel gauges: new risks with advanced power ICs

Vincent Giraud, École Normale Supérieure - PSL, Ingenico (France)
David Naccache, École Normale Supérieure - PSL, Ingenico (France)
Abstract

Efficient power management is critical for embedded devices, both for extending their lifetime and ensuring safety. However, this can be a challenging task due to the unpredictability of the batteries commonly used in such devices. To address this issue, dedicated Integrated Circuits known as "fuel gauges" are often employed outside of the System-On-Chip. These devices provide various metrics about the available energy source and are highly accurate. However, their precision can also be exploited by malicious actors to compromise platform confidentiality if the Operating System fails to intervene. Depending on the fuel gauge and OS configuration, several attack scenarios are possible. In this article, we focus on Android and demonstrate how it is possible to bypass application isolation to recover PINs entered in other processes.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Fuel gaugeEmbedded systemConfidentiality
Contact author(s)
vincent giraud @ ens fr
david naccache @ ens fr
History
2023-07-16: approved
2023-07-11: received
See all versions
Short URL
https://ia.cr/2023/1078
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX 

@misc{cryptoeprint:2023/1078,
      author = {Vincent Giraud and David Naccache},
      title = {Bypassing Android isolation with fuel gauges: new risks with advanced power {ICs}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1078},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1078}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.