A Smart Framework for Fine-Grained Microphone Acoustic Permission Management

Microphones attracted a lot of attentions from attackers due to the sensitivity of voice data: attackers may control devices through abusing their microphones, fingerprint devices by measuring their microphones, or directly monitor the microphone readings to steal users’ private data. Nevertheless, OS developers failed to address the severe consequences. While the current security mechanism only offers a coarse-grained access control over the usage of microphones: recording all sound or shutting off, it is necessary to redesign the microphone security mechanism to enforce fine-grained restrictions over the usage of microphones. In this article, we propose a fine-grained microphone access control scheme on Android platform, referred to as FMC (Finer Microphone Controller). In our scheme, microphone acoustic permissions are granted with three finer policies: treble policy , timbre policy and exclusion policy , with which most of the attacks mentioned above can be defended against. In addition, to ease user’s policy management, we employ a smart policy recommendation method, avoiding additional manual policy approvals. The results in our experiments show that a negligible 1.06 percent performance overhead is incurred during policy enforcement. Besides, the policy recommendation system in FMC promises an accuracy of 82.82 percent averagely. We believe that our work is a practical defense scheme against attacks exploiting microphone acoustic permissions and should be employed by OS developers.