Multimedia-Based Battery Drain Attach for Android Devices PRESENTED BY: RASHMIN PATEL overview Introduction Multimedia Attacks Experimental Evaluation Conclusion Introduction In last years, smartphones are increasingly spreading all over the world, in such a way that they are now the primary or sole communication device for many people. Hardware development is growing at rapid rate. The performance of CPUs, memories, and displays, as well as the complexity of embedded software is increasing. However, battery-related technologies are not being improved at the same pace. There are several reasons for this state of affairs. Batteries rely on complex electrochemical interactions. Introduction Improvement in battery capacity will typically require a breakthrough in the chemical involved. The second limiting reason to battery capacity growth depends on size and safety constraints. Current trends are calling for thin phones which makes hard to change battery chemicals to get the better output. In conclusion, while hardware evolution produces more efficient, less power-hungry devices, power consumption stays approximately constant or even grows. Introduction In the architecture of smartphones, batteries are weak point and ideal target for attacks known as energy-based attacks. Differently from classical attacks whose goal is to gain control of the system or resources, energy based attacks have the objective of increasing the energy consumption of victim device, in order to exhaust as rapidly as possible the limited energy budget made available by batteries. For the victim mobile devices, battery attacks may also carry the additional problem of making the device unusable in a very short time. Multimedia Attack A. Attack Model The attack model described here details the assumptions made regarding the attacker and its capabilities, as well as the target device. The attacker is assumed to have no access to device. Thus, no particular app or hostile agent/malware component is needed to installed on the device under attack. The only attack vehicle considered is a Web Page with licit (but at the same time “malicious”) multimedia content. All smartphones provide users with ability to browse the Web either via a third-party app or via the Web browser. A. Attack Model There are some exist known techniques which are effective to this end, including social engineering or advertising some very popular content. One important constraints is that the attack should be as stealthy as possible. There should be no noticeable sign to warn users that an attack is in progress and, that their battery is undergoing stress. Detecting the attacks using existing anti-viral techniques will be quite difficult since the Anti-virus engine is not able to distinguish between hostile or legitimate multimedia playing activities. B. Playing Stealthy Multimedia Audio Contents The HTML5 version introduces several interesting features that range from “hash change event” to “content editable attribute”. HTML5 supports methods of playing audio and videos on Web pages without requiring a specific plug-in to be installed. As said before, to be successful, the multimedia attack should be as silent and hidden as possible. B. Playing Stealthy Multimedia Audio Contents To perform simple audio attack, it is necessary to adopt some tricks such as disable audio control, set the volume to zero and set the size of a video to 0x0. Below is the very short example implementing the above mentioned tricks. <audio autoplay> <source src="file.mp3" type="audio/mpeg"> </audio> <video width="0" height="0" autoplay> <source src="file.mp4" type="video/mp4"> </video> B. Playing Stealthy Multimedia Audio Contents The audio file can be an “empty” file, that means that when played it does not contain any hearable rumors, or can be a file containing only infra-sounds. In second case, such sounds are at 20Hz below the capabilities of the smartphone speakers and not hearable by human. With this assets, it has been possible to test the hypothesis that an “empty” audio file would consume no energy for the audio codecs. Experimental Evaluation A. Identify the most energy-inefficient codec In order to achieve the best results, it is fundamental to identify the worst energy-efficient codecs (both for audio and video) to be adopted during the proposed attack. In order to realize which coded is supported in the stock Android browser, all the codecs were tested in the HTNL5 standard in order to check whichever is supported in the stock Android browser. The result showed that some codecs are not supported, such as the Theora one. B. Research Analysis In order to evaluate the effectiveness of the proposed attack a properly crafted testbed has been prepared. They set up Web server and hosted website containing the HTML5 pages with the “stuffs” adopted for the attacks. Such site has been made accessible through wireless LAN to mobile devices. Experiments have been run on an HTC Incredible S running on Android v 2.3. B. Research Analysis Each test has been performed with three multimedia files, similar in content, but different in duration. The first file contained 5 minutes of audio and video (respectively). The second contained similar contents for 15 minutes. The third lasted in 30 minutes. B. Research Analysis Power Consumption (Joule per minute) – using audio files B. Research Analysis Graph describes the detailed consumption of the three audio files (5, 15, and 30-minutes). Actual consumptions can be derived by multiplying the values by the duration of the file. The wave format is the most power-hungry, although with longer files differences tend to smooth. AAC consumes the least energy in the 5-minutes case and in the long 30minutes run, but is overcome by both Opus and MP3 format in the middle 15-minute duration. B. Research Analysis Power Consumption (Joule per minute) – using local audio files B. Research Analysis Measurements relative to playback of local files are shown in graph. This test is performed on local audio file so there is no Wi-Fi module. Here again, the uncompressed (wave) format is the worst performer and AAC the best, apart from a comparatively high value to the 15-minute play. In conclusion, perhaps the uncompressed format is the one achieving the worst results, therefore the audio format of choice to be used in any multimedia based energy attack. B. Research Analysis Power Consumption (Joule per minute) – using video files B. Research Analysis Experiments with video files, the H264 and WebM codecs where compared. From the break down it can be seen that the CPU portion for both codecs is very close, while the LCS consumption is higher for H264. B. Research Analysis Power Consumption (Joule per minute) – using Local video files B. Research Analysis Now, the local video files has been tested and again the CPU consumption is approximately the same for H264 and WebM. The difference can be noted in the portion absorbed by the display. The selected codec for the multimedia attack, that is the one requiring more energy, is thus H264. Conclusion Web pages that use HTML5 tags and features in order to start an energybased denial of service attack. The proposed attach is very difficult to be detected, and as consequence to be defeated, since it use licit HTML5 pages to introduce multimedia files in the mobile phone under attack. Differently from other kind of attacks, the proposed one is also hard to be seen by using very flexible network-based detection techniques since it does not adopt conventional behavior of attack. Questions?