Side-channel attacks on mobile devices have gained increasing attention since their introduction in 2007. While traditional side-channel attacks, such as power analysis attacks and electromagnetic analysis attacks, required physical presence of the attacker as well as expensive equipment, an (unprivileged) application is all it takes to exploit the leaking information on modern mobile devices. Given the vast amount of sensitive information that are stored on smartphones, the ramifications of side-channel attacks affect both the security and privacy of users and their devices.

In this talk, I will present our latest work on how an adversary can exploit side-channel information, in this case power from the phone battery, to maliciously control a public charging station in order to exfiltrate data from a smartphone via a USB charging cable (i.e. without using the data transfer functionality).

In the second part of my talk, I will briefly present an overview of existing side-channel attacks on mobile devices and argue for the need of a new categorization system as side-channel attacks have evolved significantly since their introduction during the smartcard era. I will explain how our proposed categorization system will help to facilitate the development of novel countermeasures and provide insights into possible future research directions.