TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals

Soundarya Ramesh; Ghozali Suhariyanto Hadi; Sihun Yang; Mun Choon Chan; Jun Han

doi:10.1145/3548606.3560698

TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals

Soundarya Ramesh, Ghozali Suhariyanto Hadi, Sihun Yang, Mun Choon Chan, Jun Han

Department of Electrical and Electronic Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We are witnessing a heightened surge in remote privacy attacks on laptop computers. These attacks often exploit malware to remotely gain access to webcams and microphones in order to spy on the victim users. While webcam attacks are somewhat defended with widely available commercial webcam privacy covers, unfortunately, there are no adequate solutions to thwart the attacks on mics despite recent industry efforts. As a first step towards defending against such attacks on laptop mics, we propose TickTock, a novel mic on/off status detection system. To achieve this, TickTock externally probes the electromagnetic (EM) emanations that stem from the connectors and cables of the laptop circuitry carrying mic clock signals. This is possible because the mic clock signals are only input during the mic recording state, causing resulting emanations. We design and implement a proof-of-concept system to demonstrate TickTock's feasibility. Furthermore, we comprehensively evaluate TickTock on a total of 30 popular laptops executing a variety of applications to successfully detect mic status in 27 laptops. Of these, TickTock consistently identifies mic recording with high true positive and negative rates.

Original language	English
Title of host publication	CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	2475-2489
Number of pages	15
ISBN (Electronic)	9781450394505
DOIs	https://doi.org/10.1145/3548606.3560698
Publication status	Published - 2022 Nov 7
Event	28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022 - Los Angeles, United States Duration: 2022 Nov 7 → 2022 Nov 11

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022
Country/Territory	United States
City	Los Angeles
Period	22/11/7 → 22/11/11

Bibliographical note

Funding Information:
We thank Wang Gucheng, Nitya Lakshmanan, Siddharth Rupa-vatharam and Niel Warren for valuable discussions and/or feedback on our paper. This work is supported by the Singapore Ministry of Education Academic Research Fund (R-252-000-B48-114), the Yonsei University Research Fund (2021-22-0337), the Institute of Information and Communications Technology Planning and Evaluation (IITP-2022-0-00420) grant funded by Ministry of Science and ICT (MSIT) in Korea, and the Google PhD Fellowship 2021.

Publisher Copyright:
© 2022 Owner/Author.

All Science Journal Classification (ASJC) codes

Software
Computer Networks and Communications

Access to Document

10.1145/3548606.3560698

Cite this

Ramesh, S., Hadi, G. S., Yang, S., Chan, M. C., & Han, J. (2022). TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals. In CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 2475-2489). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3548606.3560698

Ramesh, Soundarya ; Hadi, Ghozali Suhariyanto ; Yang, Sihun et al. / TickTock : Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals. CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2022. pp. 2475-2489 (Proceedings of the ACM Conference on Computer and Communications Security).

@inproceedings{022da8d8b8d740ed8668c5711aaeb7b1,

title = "TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals",

abstract = "We are witnessing a heightened surge in remote privacy attacks on laptop computers. These attacks often exploit malware to remotely gain access to webcams and microphones in order to spy on the victim users. While webcam attacks are somewhat defended with widely available commercial webcam privacy covers, unfortunately, there are no adequate solutions to thwart the attacks on mics despite recent industry efforts. As a first step towards defending against such attacks on laptop mics, we propose TickTock, a novel mic on/off status detection system. To achieve this, TickTock externally probes the electromagnetic (EM) emanations that stem from the connectors and cables of the laptop circuitry carrying mic clock signals. This is possible because the mic clock signals are only input during the mic recording state, causing resulting emanations. We design and implement a proof-of-concept system to demonstrate TickTock's feasibility. Furthermore, we comprehensively evaluate TickTock on a total of 30 popular laptops executing a variety of applications to successfully detect mic status in 27 laptops. Of these, TickTock consistently identifies mic recording with high true positive and negative rates.",

author = "Soundarya Ramesh and Hadi, {Ghozali Suhariyanto} and Sihun Yang and Chan, {Mun Choon} and Jun Han",

note = "Funding Information: We thank Wang Gucheng, Nitya Lakshmanan, Siddharth Rupa-vatharam and Niel Warren for valuable discussions and/or feedback on our paper. This work is supported by the Singapore Ministry of Education Academic Research Fund (R-252-000-B48-114), the Yonsei University Research Fund (2021-22-0337), the Institute of Information and Communications Technology Planning and Evaluation (IITP-2022-0-00420) grant funded by Ministry of Science and ICT (MSIT) in Korea, and the Google PhD Fellowship 2021. Publisher Copyright: {\textcopyright} 2022 Owner/Author.; 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022 ; Conference date: 07-11-2022 Through 11-11-2022",

year = "2022",

month = nov,

day = "7",

doi = "10.1145/3548606.3560698",

language = "English",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "2475--2489",

booktitle = "CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security",

}

Ramesh, S, Hadi, GS, Yang, S, Chan, MC & Han, J 2022, TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals. in CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 2475-2489, 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, United States, 22/11/7. https://doi.org/10.1145/3548606.3560698

TickTock : Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals. / Ramesh, Soundarya; Hadi, Ghozali Suhariyanto; Yang, Sihun et al.

CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2022. p. 2475-2489 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - TickTock

T2 - 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022

AU - Ramesh, Soundarya

AU - Hadi, Ghozali Suhariyanto

AU - Yang, Sihun

AU - Chan, Mun Choon

AU - Han, Jun

N1 - Funding Information: We thank Wang Gucheng, Nitya Lakshmanan, Siddharth Rupa-vatharam and Niel Warren for valuable discussions and/or feedback on our paper. This work is supported by the Singapore Ministry of Education Academic Research Fund (R-252-000-B48-114), the Yonsei University Research Fund (2021-22-0337), the Institute of Information and Communications Technology Planning and Evaluation (IITP-2022-0-00420) grant funded by Ministry of Science and ICT (MSIT) in Korea, and the Google PhD Fellowship 2021. Publisher Copyright: © 2022 Owner/Author.

PY - 2022/11/7

Y1 - 2022/11/7

N2 - We are witnessing a heightened surge in remote privacy attacks on laptop computers. These attacks often exploit malware to remotely gain access to webcams and microphones in order to spy on the victim users. While webcam attacks are somewhat defended with widely available commercial webcam privacy covers, unfortunately, there are no adequate solutions to thwart the attacks on mics despite recent industry efforts. As a first step towards defending against such attacks on laptop mics, we propose TickTock, a novel mic on/off status detection system. To achieve this, TickTock externally probes the electromagnetic (EM) emanations that stem from the connectors and cables of the laptop circuitry carrying mic clock signals. This is possible because the mic clock signals are only input during the mic recording state, causing resulting emanations. We design and implement a proof-of-concept system to demonstrate TickTock's feasibility. Furthermore, we comprehensively evaluate TickTock on a total of 30 popular laptops executing a variety of applications to successfully detect mic status in 27 laptops. Of these, TickTock consistently identifies mic recording with high true positive and negative rates.

AB - We are witnessing a heightened surge in remote privacy attacks on laptop computers. These attacks often exploit malware to remotely gain access to webcams and microphones in order to spy on the victim users. While webcam attacks are somewhat defended with widely available commercial webcam privacy covers, unfortunately, there are no adequate solutions to thwart the attacks on mics despite recent industry efforts. As a first step towards defending against such attacks on laptop mics, we propose TickTock, a novel mic on/off status detection system. To achieve this, TickTock externally probes the electromagnetic (EM) emanations that stem from the connectors and cables of the laptop circuitry carrying mic clock signals. This is possible because the mic clock signals are only input during the mic recording state, causing resulting emanations. We design and implement a proof-of-concept system to demonstrate TickTock's feasibility. Furthermore, we comprehensively evaluate TickTock on a total of 30 popular laptops executing a variety of applications to successfully detect mic status in 27 laptops. Of these, TickTock consistently identifies mic recording with high true positive and negative rates.

UR - http://www.scopus.com/inward/record.url?scp=85143055490&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85143055490&partnerID=8YFLogxK

U2 - 10.1145/3548606.3560698

DO - 10.1145/3548606.3560698

M3 - Conference contribution

AN - SCOPUS:85143055490

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 2475

EP - 2489

BT - CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

Y2 - 7 November 2022 through 11 November 2022

ER -

Ramesh S, Hadi GS, Yang S, Chan MC, Han J. TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals. In CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery. 2022. p. 2475-2489. (Proceedings of the ACM Conference on Computer and Communications Security). doi: 10.1145/3548606.3560698

TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals

Abstract

Publication series

Conference

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this