Open MTuner opened 5 years ago
A couple questions about this work:
AbsoluteOrientationSensor
(which utilizes magnetometer data) can also be used for this attack?I have created a proof of concept page at https://mtuner.github.io/sc-magnetic-poc. It intentionally produces a very distinct CPU activity pattern while measuring magnetometer using the Sensor API, and shows the recorded values. We have not published the code from the paper yet, it is planned but may take some time.
Regarding the AbsoluteOrientationSensor, we have not investigated it in detail, a quick test similar to the PoC page does not show visually noticeable influence. I would assume that disturbance caused by the CPU is not strong enough to significantly affect a sensor fusion.
I would like to share potential privacy issues regarding magnetometer sensors, as an addition to the listed in the current Working Draft.
As we discuss in the paper, the Secure context and Limited sampling frequency do limit the attack vectors, but do not prevent the side channel completely. Therefore, we think it is better to ask a user for a permission (to not grant it by default) and/or further decrease the sampling frequency.
Do you know if there are any plans to release the Magnetometer interface in Chrome or other browsers (without the #enable-generic-sensor-extra-classes flag)?