Spying on Temperature using DRAM
Wenjie Xiong1,a, Nikolaos Athanasios Anagnostopoulos2,c, André Schaller2,d, Stefan Katzenbeisser2,e and Jakub Szefer1,b
1Yale University, New Haven, CT, USA
awenjie.xiong@yale.edu
bjakub.szefer@yale.edu
2Technische Universität Darmstadt, Darmstadt, Germany
canagnostopoulos@seceng.informatik.tu-darmstadt.de
dschaller@seceng.informatik.tu-darmstadt.de
ekatzenbeisser@seceng.informatik.tu-darmstadt.de
ABSTRACT
Today’s ubiquitous IoT devices make spying on, and collecting data from, unsuspecting users possible. This paper shows a new attack where DRAM modules, widely used in IoT devices, can be abused to measure the temperature in the vicinity of the device in order to spy on a user’s behavior. Specifically, the temperature dependency of the DRAM decay is used as a proxy for user’s behavior in the vicinity of the device. The attack can be performed remotely by only changing the software of an IoT device, without requiring hardware changes, and with a resolution reaching 0.5°C. Potential defenses to the temperature spying attack are presented in this paper as well.
Keywords: Security, IoT, DRAM, Temperature.