USB side-channel attack on Tor.

Tor is used to communicate anonymously by millions of daily users, which rely on it for their privacy, security, and often safety. In this paper we present a new attack on Tor that allows a malicious USB charging device (e.g., a public USB charging station) to identify which website is being visited by a smartphone user via Tor, thus breaking Tor’s primary use case. Our attack solely depends on power measurements performed while the user is charging her smartphone, and it does not require the adversary to observe any network traffic or to transfer data through the smartphone’s USB port. We evaluated the attack by training a machine learning model on power traces from 50 regular webpages and 50 Tor hidden services. We considered realistic constraints such as different network types (LTE and WiFi), Tor circuit types, and battery charging levels. In our experiments, we were able to correctly identify webpages visited using the official mobile Tor browser with accuracies up to 85.7% when the battery was fully charged, and up to 46% when the battery level was between 30% and 50%. Both results are substantially higher than the 1% baseline of random guessing. Surprisingly, our results show that hidden services can be identified with higher accuracies than regular webpages (e.g., 84.3% vs. 68.7% over LTE).