JuiceCaster: Towards automatic juice filming attacks on smartphones☆

Abstract Smartphones have become a part of our daily lives. Thus, they have become a big target for attacks such as malware. While smartphone malware is very popular in the research community, charging attacks are often ignored by the literature. As public charging stations are common, we argue that charging attacks will become a big concern and be used to compromise users’ privacy. For example, government agents and malicious merchants can invade the privacy of phone users through this kind of attacks. In this paper, we describe a vulnerability of smartphone charging and introduce juice filming attacks that can steal sensitive information by recording screen activities during charging. We show that the display of smartphones can be leaked through a standard micro-USB connector using the Mobile High-Definition Link (MHL) standard or the iPhones' lightning connector, making our attack feasible in both Android OS and iOS. Furthermore, we implement a prototype called JuiceCaster , which can automate the whole adversary procedure including video-capturing users' inputs, dividing videos into images and extracting texts from images with OCR (Optical Character Recognition) technology. In the evaluation, experimental results from various studies demonstrate that our attack is effective in practice. Our efforts aim to stimulate more awareness in this area.