AudioJacked - Theft of Money and Information （AudioJacked窃取金钱和信息）.pdf

AudioJacked - Theft of Money and Information Through a Phone’s Audio Port Alex Gould, COMP116 Ming Chow Video The video accompanying this paper can be found at: /file/d/0B_s2ARkgeNzwUE12OGVCeFpwdzg/view?usp=sharing. Acknowledgments Immense thanks to William Woodruff at the University of Maryland College Park, who first discovered this erratic behavior due to a pair of faulty head- phones, and was constantly available to run new tests with them and supply new ideas. This project would not exist without you, in every sense of the word. Many thanks to Maretta Morovitz, who provided invaluable editing assistance (and helped me locate breadboards when I thought there were none). Many thanks for the help, and thanks for a great term! And a huge thanks to Max Bernstien and Chris Gregg for lending me a 3.5mm audio cable during an emergency! Abstract In this paper, I demonstrate how software interrupts can be sent through a standard headphone port found on most smartphones that direct the phone’s operating system to send personal information about the recipient to an at- tacker, as well as add charges to a user’s phone bill that are paid directly to the attacker’s account. To the Community I chose this topic due to my love of low-level machine coding, but I discovered the bug in particular due to a happy accident, when a frayed headphone cable caused erratic behaviors in a friend’s iPhone. The breakthrough seemed so clever that I decided to make it the focus of this project. (I also have a love affair with ’90s computer systems, so something like this seemed right for me.) 1 Why should you care? For the same reason that you don’t protect your house with a state-of-the-art security system and then leave the door unlocked. There’s constant awareness of techniques like “juice jacking” through USB chargers or malicious ap