Multimedia-Based Battery
Drain Attach for
Android Devices
PRESENTED BY: RASHMIN PATEL
overview

Introduction

Multimedia Attacks

Experimental Evaluation

Conclusion
Introduction

In last years, smartphones are increasingly spreading all over the world, in such a way
that they are now the primary or sole communication device for many people.

Hardware development is growing at rapid rate. The performance of CPUs, memories,
and displays, as well as the complexity of embedded software is increasing.

However, battery-related technologies are not being improved at the same
pace.

There are several reasons for this state of affairs. Batteries rely on
complex electrochemical interactions.
Introduction

Improvement in battery capacity will typically require a breakthrough in
the chemical involved.

The second limiting reason to battery capacity growth depends on size
and safety constraints. Current trends are calling for thin phones which
makes hard to change battery chemicals to get the better output.

In conclusion, while hardware evolution produces more efficient, less
power-hungry devices, power consumption stays approximately constant
or even grows.
Introduction

In the architecture of smartphones, batteries are weak point and ideal
target for attacks known as energy-based attacks.

Differently from classical attacks whose goal is to gain control of the
system or resources, energy based attacks have the objective of
increasing the energy consumption of victim device, in order to exhaust
as rapidly as possible the limited energy budget made available by
batteries.

For the victim mobile devices, battery attacks may
also carry the additional problem of making the
device unusable in a very short time.
Multimedia Attack
A. Attack Model

The attack model described here details the assumptions made regarding the attacker
and its capabilities, as well as the target device.

The attacker is assumed to have no access to device. Thus, no particular app or hostile
agent/malware component is needed to installed on the device under attack.

The only attack vehicle considered is a Web Page with licit (but at the same time
“malicious”) multimedia content.

All smartphones provide users with ability to browse the Web either via a third-party
app or via the Web browser.
A. Attack Model

There are some exist known techniques which are
effective to this end, including social engineering
or advertising some very popular content.

One important constraints is that the attack should
be as stealthy as possible.

There should be no noticeable sign to warn users
that an attack is in progress and, that their battery
is undergoing stress.

Detecting the attacks using existing anti-viral
techniques will be quite difficult since the Anti-virus
engine is not able to distinguish between hostile or
legitimate multimedia playing activities.
B. Playing Stealthy Multimedia Audio Contents

The HTML5 version introduces several interesting features that range
from “hash change event” to “content editable attribute”.

HTML5 supports methods of playing audio and videos on Web
pages without requiring a specific plug-in to be installed.

As said before, to be successful, the multimedia attack should be
as silent and hidden as possible.
B. Playing Stealthy Multimedia Audio Contents

To perform simple audio attack, it is necessary to adopt some tricks such as disable audio control, set the volume to
zero and set the size of a video to 0x0.

Below is the very short example implementing the above mentioned tricks.
<audio autoplay>
<source src="file.mp3" type="audio/mpeg">
</audio>
<video width="0" height="0" autoplay>
<source src="file.mp4" type="video/mp4">
</video>
B. Playing Stealthy Multimedia Audio Contents

The audio file can be an “empty” file, that means that when played it does not contain
any hearable rumors, or can be a file containing only infra-sounds.

In second case, such sounds are at 20Hz below the capabilities of the smartphone
speakers and not hearable by human.

With this assets, it has been possible to test the hypothesis that an “empty” audio file
would consume no energy for the audio codecs.
Experimental Evaluation
A. Identify the most energy-inefficient codec

In order to achieve the best results, it is fundamental to identify the worst
energy-efficient codecs (both for audio and video) to be adopted during
the proposed attack.

In order to realize which coded is supported in the stock Android browser,
all the codecs were tested in the HTNL5 standard in order to check
whichever is supported in the stock Android browser.

The result showed that some codecs are not supported, such as the
Theora one.
B. Research Analysis

In order to evaluate the effectiveness of the proposed attack a properly
crafted testbed has been prepared.

They set up Web server and hosted website containing the HTML5 pages
with the “stuffs” adopted for the attacks.

Such site has been made accessible through wireless LAN to mobile
devices. Experiments have been run on an HTC Incredible S running on
Android v 2.3.
B. Research Analysis

Each test has been performed with three multimedia
files, similar in content, but different in duration.

The first file contained 5 minutes of audio and video
(respectively).

The second contained similar contents for 15 minutes.

The third lasted in 30 minutes.
B. Research Analysis
Power Consumption
(Joule per minute) –
using audio files
B. Research Analysis

Graph describes the detailed consumption of the three audio files (5, 15,
and 30-minutes).

Actual consumptions can be derived by multiplying the values by the
duration of the file.

The wave format is the most power-hungry, although with longer files
differences tend to smooth.

AAC consumes the least energy in the 5-minutes case and in the long 30minutes run, but is overcome by both Opus and MP3 format in the middle
15-minute duration.
B. Research Analysis
Power Consumption
(Joule per minute) –
using
local audio files
B. Research Analysis

Measurements relative to playback of local files are shown in
graph.

This test is performed on local audio file so there is no Wi-Fi
module.

Here again, the uncompressed (wave) format is the worst
performer and AAC the best, apart from a comparatively high
value to the 15-minute play.

In conclusion, perhaps the uncompressed format is the one
achieving the worst results, therefore the audio format of choice
to be used in any multimedia based energy attack.
B. Research Analysis
Power Consumption
(Joule per minute) –
using
video files
B. Research Analysis

Experiments with video files, the H264 and WebM codecs where
compared.

From the break down it can be seen that the CPU portion for
both codecs is very close, while the LCS consumption is higher for
H264.
B. Research Analysis
Power Consumption
(Joule per minute) –
using
Local video files
B. Research Analysis

Now, the local video files has been tested and again the CPU
consumption is approximately the same for H264 and WebM.

The difference can be noted in the portion absorbed by the
display.

The selected codec for the multimedia attack, that is the one
requiring more energy, is thus H264.
Conclusion

Web pages that use HTML5 tags and features in order to start an energybased denial of service attack.

The proposed attach is very difficult to be detected, and as consequence
to be defeated, since it use licit HTML5 pages to introduce multimedia files in
the mobile phone under attack.

Differently from other kind of attacks, the proposed one is also hard to be
seen by using very flexible network-based detection techniques since it
does not adopt conventional behavior of attack.
Questions?