Spying on Temperature using DRAM

Wenjie Xiong^1,a, Nikolaos Athanasios Anagnostopoulos^2,c, André Schaller^2,d, Stefan Katzenbeisser^2,e and Jakub Szefer^1,b
1Yale University, New Haven, CT, USA
^awenjie.xiong@yale.edu
^bjakub.szefer@yale.edu
²Technische Universität Darmstadt, Darmstadt, Germany
^canagnostopoulos@seceng.informatik.tu-darmstadt.de
^dschaller@seceng.informatik.tu-darmstadt.de
^ekatzenbeisser@seceng.informatik.tu-darmstadt.de

ABSTRACT

Today’s ubiquitous IoT devices make spying on, and collecting data from, unsuspecting users possible. This paper shows a new attack where DRAM modules, widely used in IoT devices, can be abused to measure the temperature in the vicinity of the device in order to spy on a user’s behavior. Specifically, the temperature dependency of the DRAM decay is used as a proxy for user’s behavior in the vicinity of the device. The attack can be performed remotely by only changing the software of an IoT device, without requiring hardware changes, and with a resolution reaching 0.5°C. Potential defenses to the temperature spying attack are presented in this paper as well.

Keywords: Security, IoT, DRAM, Temperature.

---

Full Text (PDF)

© 2019 EDAA. All rights reserved.