Since the 2008 Batman movie, The Dark Knight, hypothesized the idea of Sonar tracking from electronic devices, researchers have experimented into the applicability of such techniques. In 2017, researchers from the University of Washington developed the CovertBand attack – which camouflaged a high-frequency audio signal in mundane audio recordings and used Sonar to track the movements of listeners in their surroundings. Then came FingerIO, a highly efficient finger tracking solution that implemented Sonar to represent the movement of fingers in the interactive space around smartwatches onto the device’s screen. It was FingerIO, which inspired researchers to develop a similar Sonar-based technique that surreptitiously records the movement of fingers on smartphone screens to predict the unlock pattern of the device.
The technique, called SonarSnoop, essentially turns the smartphone into a crude but efficient Sonar system. The device uses the in-built speaker to emit an orthogonal frequency-division multiplexing (OFDM) signal. The OFDM sound waves are emitted at frequencies inaudible to the human ear – between 18 kHz and 20 kHz, ensuring that the user remains unaware of the ongoing malicious activity. The sound waves are bounced back off physical objects and are received by the phone’s microphone, usually at the same time when the phone is not in use. However, when a finger is swiped to unlock the phone, the received signals are different – depending on the unlock pattern. Using an echo profile matrix to visualize the shift in the signal, the technique then tries to predict the exact movement of the user’s finger across the screen, thus identifying the unlock pattern. The method is similar to how submarines use Sonar to map the depth of the ocean. Only in this case, by turning the phone’s speaker and microphone into an emitter and receiver, the technique tries to track the movement of fingers to predict the unlock pattern of smartphones.
SonarSnoop was developed and tested by academicians from Lancaster University in the UK and Linköping University in Sweden. In their experiment, they used a Samsung Galaxy S4 smartphone running Android 5.0.1. The technique was able to identify various strokes and inflections from several unlock patterns. Using the data obtained from SonarSnoop, the number of possible patterns reduced by almost 70%. The researchers also included Machine Learning algorithms in the technique to adjust for the myriad placements of speakers and microphones in different smartphones. Using such algorithms, the technique is able to normalize the data before interpreting it to determine possible unlock patterns.
The findings of the experiment, along with how the technique works, was published on 9th May, 2018, in the research paper titled: “SonarSnoop: Active Acoustic Side-Channel Attacks”.
So, if you think your smartphone is safe and secured using an unlock pattern, think again. In the past, researchers have used smartphone sensors such as accelerometers, gyroscopes, and proximity sensors to predict PIN and unlock patterns from smartphone devices. However, this is the first instance of using sound waves to carry out such tasks. SonarSnoop is considerably dangerous than other sensor-based methods; it doesn’t wait for the victim to generate the signal, making it world’s first active side-channel attack. The SonarSnoop attack can be hidden inside an app, and upon installation, can carry out the malicious task of deciphering your unlock pattern without your knowledge. The best way to deal with such an attack is to only install apps from trusted and verified sources. Moreover, users should also opt for smartphones that use fingerprints to lock and unlock itself.