USB powered devices: A survey of side-channel threats and countermeasures

Recent technological innovations lead to the rise of a plethora of portable electronic devices such as smartphones, small household appliances, and other IoT devices. To power or recharge the battery of such devices, manufacturers identified in the ubiquitous Universal Serial Bus (USB) standard a convenient solution, as it enables both communication and energy supply. Unfortunately, the default trust on USB ports has been exploited by hackers to extract highly sensitive user data on such devices. Despite the efforts by security experts and manufacturers to detect and block this threat, an even more stealthy approach to undermine users privacy relies on side-channel attacks on the USB interface, such as electromagnetic emissions and power consumption. In this paper, we present a comprehensive survey of the state-of-the-art of side-channel analysis on the security of USB-powered devices. Differently from other surveys on USB-based attacks via the communication interface only, this survey considers research works that aim to infer or extract private information from the energy supply, the device itself, or unintentionally available functionalities. In particular, we consider this emergent trend of security work that was not previously considered in other surveys, such as the energy consumption and electromagnetic emission analyses, as well as Juice Filming Charging (JFC) attacks. We first analyze the physical properties of the side-channels and technical characteristics of such research work, we then summarize the countermeasures proposed in the state-of-the-art. Finally, we also identify some possible future directions to foster further research in this field.