A New Class of Injection-Induced EM Side Channels

InjectEave is the first research work showing how EM injection can actively induce and amplify electromagnetic side-channel leakage through hardware nonlinearity. Unlike passive EM eavesdropping, InjectEave reveals a new class of injection-induced EM side channels, where an external RF carrier creates an exploitable leakage path for low-frequency analog secrets. This work establishes injection-induced EM side channels as a practical and systematic research problem.

Importantly, InjectEave does not exploit wireless-communication vulnerabilities such as WiFi or Bluetooth; instead, it targets an inherent hardware vulnerability in electronic devices, so even network- or Bluetooth-disabled devices can remain affected.

How Injection Induces Leakage

The problem: spectral mismatch

In a conventional EM side channel, a device's electrical traces act as unintentional antennas that radiate its internal signals. The intuition is that the frequency of the secret signal and the device's efficient EM emission frequency often face a mismatch: low-frequency analog secrets such as human speech audio (below 20 kHz) and power-consumption or actuation-control signals (below 200 Hz) sit far from the efficient EM leakage frequencies (MHz or GHz range) of the unintentional antenna structures within the device, making them highly challenging targets for passive eavesdropping. An injected EM carrier lets the secret piggyback into that efficient band, overcoming the mismatch.

Passive vs InjectEave: injected EM carriers shift sensitive info into efficient emission band.
Fig. 1: Injected EM carriers piggyback low-frequency secret signals through hardware nonlinearity, bridging the mismatch between the secret signal band and efficient EM leakage bands.

The mechanism: Injection-Modulation-Emission

InjectEave follows an Injection-Modulation-Emission model. Injection: the carrier couples into the device's unintentional antennas. Modulation: a nonlinear component mixes the secret with the carrier, up-converting it into sidebands around the carrier frequency. Emission: the unintentional antennas radiate the modulated signal, and the adversary demodulates it to recover the secret.

Model of the injection-induced leakage process: a signal generator injects a carrier into an attacked device whose nonlinear components modulate the secret signal, which is re-radiated by an unintentional antenna and demodulated by the adversary.
Fig. 2: Model of the injection-induced leakage process. The injected carrier couples into nonlinear components of the target device and modulates the secret signal into an injection-induced EM leakage signal recoverable by the adversary.
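To make the Injection-Modulation-Emission chain concrete, the following Python simulation (added here; it is not the authors' code) models a second-order nonlinearity at the coupling point and steps through injection, modulation, band-limited emission and the adversary's down-conversion. The 1 kHz tone secret, the 100 kHz carrier, the 5 kHz emission bandwidth and the polynomial coefficients are assumptions chosen for the simulation, not parameters from the paper; the last functions show that the recovered amplitude scales linearly with the coupled carrier, which is the basis for the coupling-reduction mitigations discussed in the FAQ.

```python
import numpy as np

FS = 1_000_000                       # simulation sample rate (Hz)
T = np.arange(0, 0.02, 1 / FS)       # 20 ms of signal (integer cycles of every tone below)
F_SECRET = 1e3                       # assumed low-frequency "secret": a 1 kHz tone standing in for speech
F_CARRIER = 100e3                    # assumed injected carrier, placed in the band the traces radiate efficiently
EMIT_BW = 5e3                        # assumed half-width of the efficiently radiated band around F_CARRIER

def secret(t):
    return np.sin(2 * np.pi * F_SECRET * t)

def nonlinear_component(x, a1=1.0, a2=0.5):
    """Second-order nonlinearity (amplifier/MOSFET-like): y = a1*x + a2*x^2.
    With x = s + A*cos(wc t), the x^2 term yields 2*a2*A*s(t)*cos(wc t):
    the secret is up-converted into sidebands at F_CARRIER +/- F_SECRET."""
    return a1 * x + a2 * x ** 2

def fft_bandpass(x, f_lo, f_hi):
    """Keep only the spectral content of x between f_lo and f_hi (inclusive)."""
    spec = np.fft.rfft(x)
    freqs = np.fft.rfftfreq(len(x), 1 / FS)
    spec[(freqs < f_lo) | (freqs > f_hi)] = 0
    return np.fft.irfft(spec, n=len(x))

def leakage_chain(coupling):
    """Injection -> Modulation -> Emission -> demodulation, for a given carrier
    coupling factor (0 = passive case, no injection). Returns (secret, recovered)."""
    s = secret(T)
    injected = coupling * np.cos(2 * np.pi * F_CARRIER * T)      # Injection: carrier reaches the nonlinear node
    y = nonlinear_component(s + injected)                        # Modulation
    emitted = fft_bandpass(y, F_CARRIER - EMIT_BW, F_CARRIER + EMIT_BW)  # Emission: baseband does not radiate
    mixed = emitted * 2 * np.cos(2 * np.pi * F_CARRIER * T)      # Adversary: coherent down-conversion
    baseband = fft_bandpass(mixed, 0, EMIT_BW)                   # ... followed by low-pass filtering
    return s, baseband - baseband.mean()                         # drop the carrier's DC term

def recovered_amplitude(coupling):
    """Amplitude of the recovered secret; it scales linearly with the coupled carrier."""
    _, r = leakage_chain(coupling)
    return float(np.sqrt(2 * np.mean(r ** 2)))

def recovery_correlation(coupling):
    """Waveform similarity between the secret and what the adversary recovers."""
    s, r = leakage_chain(coupling)
    if np.max(np.abs(r)) < 1e-9:   # passive case: nothing in the efficient band to demodulate
        return 0.0
    return float(np.corrcoef(s, r)[0, 1])

if __name__ == "__main__":
    for a in (0.0, 0.5, 1.0):
        print(f"coupling={a:.2f} amplitude={recovered_amplitude(a):.3f} corr={recovery_correlation(a):.3f}")
```

Halving the coupling factor (what shielding or filtering achieves) halves the recovered amplitude but leaves the waveform fully correlated with the secret, which is why the page says such mitigations raise the bar without guaranteeing immunity.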

The evidence: nonlinear components

We characterized the four most common nonlinear hardware components: amplifiers, ADCs, switching MOSFETs, and power converters. Under passive conditions, wideband sweeps from 0 to 2 GHz show no discernible leakage. Replacing them with linear resistance loads removes the leakage, confirming that hardware nonlinearity is the key to injection-induced leakage.

Spectrograms showing that ubiquitous nonlinear components, including amplifier, ADC, MOSFET, and power converter, leak secret analog information under EM injection, compared against the conventional passive case.
Fig. 3: Ubiquitous nonlinearities in commodity computing hardware can unintentionally leak secret analog information under EM injection. *Directly measured baseband signal. +Baseband signal recovered by down-converting from the carrier frequency. The two segments of signals are concatenated together post-hoc for easier comparison.

Affected Devices

We evaluated InjectEave on 11 commercial devices across 5 categories, without physical access to or hardware/software modification of the devices. These span audio peripherals such as wireless headphones, wired headphones, and landlines, which are ubiquitous in both public and private spaces, and IoT smart appliances such as smart fans and lamps that are deeply integrated into private environments. By eavesdropping on these devices, an adversary can recover private audio and reveal the operating states of smart-home appliances, directly threatening user privacy.

Table 1: COTS devices affected by InjectEave.
Device type         Brand & model        Year  Leakage source     Max. dist.
Wired headphone     Sony ZX110AP         2014  Amplifier          5 m
Wired earbuds       Apple Earbuds        2016  Amplifier          1 m
Wireless headphone  UGreen MAX2          2024  Amplifier          6 m
Wireless headphone  PHILIPS TAH2020      2025  Amplifier          6 m
Wireless headphone  HP H231R             2023  Amplifier          4 m
Landline (VoIP)     Flyingvoice P23GW    2023  ADC & amplifier    3 m
Smart fan           OIDIRE ODI-MF10A     2023  Switching MOSFET   6 m
Smart fan           Xiaomi BPLDS10DM     2025  Switching MOSFET   4 m
Smart lamp          JINGZAO JDO-06       2024  Power converter    3 m
Smart lamp          Xiaomi 1S            2019  Power converter    3 m
Hardware setup for evaluating COTS devices: a USRP and Tx antenna inject the carrier while an Rx antenna and spectrum analyzer capture the leakage, controlled from a laptop.
Fig. 4: The hardware setup for evaluating COTS devices.

Demos


Part I: Demonstrations in a Laboratory Setting

Demo 1: Eavesdropping on Smart Fans' Control Signal

As the fan speed increases, the frequency of the received control signal gradually increases, indicating that the fan's current operating state can be inferred from the received control signal. This enables “Context Inference” attacks: for example, detecting “Sleep Mode” at night can confirm a user’s rest schedule and infer occupancy without the need for visual surveillance.

Demo 2: Eavesdropping on Smart Lamps' Brightness

As the lamp becomes brighter, the intensity of the received power signal gradually increases. By mapping these power levels to vendor-specific presets (e.g., 20% brightness for “Reading”), an adversary can perform “Behavioral Profiling,” transforming a light source into a beacon that exposes a user’s specific activities and routines without requiring any network-level access.

Part II: Real-time Audio Eavesdropping in Real-world Scenarios

Demo 3: Through-wall Eavesdropping (1 m)

The attacker placed the surveillance device in the room adjacent to the victim, eavesdropping on the target at a 1 m distance through a 30 cm concrete wall.

Demo 4: Outdoor Hidden Eavesdropping (6 m)

The attacker hid the surveillance device behind the bushes and conducted long-range eavesdropping on the victim from a distance of 6 m.

Part III: Real-world Case Studies

Demo 5: Through-wall Audio Eavesdropping in Hotel Rooms

Demo 5 setup diagram: adversary in an adjacent hotel room eavesdropping through a concrete wall.
(a) Case study 1: Hotel room
Sample texts, each spoken by a female and a male speaker, with three recordings per speaker (Secret Audio, InjectEave w/o Denoise, InjectEave w/ Denoise):
"Let's meet at the entrance of 221B Baker Street at 6pm tomorrow."
"My bank card PIN is 9-5-2-7, and the transfer amount is 3,500 US dollars."
"Regarding this batch of core chips, our final quote is a unit price of 42.50 dollars, including 13% VAT."

Demo 6: Through-wall Audio Eavesdropping in Meeting Rooms

Demo 6 setup diagram: adversary eavesdropping into a meeting room through a wall.
(b) Case study 2: Meeting room
Sample texts, each spoken by a female and a male speaker, with three recordings per speaker (Secret Audio, InjectEave w/o Denoise, InjectEave w/ Denoise):
"Let's meet at the entrance of 221B Baker Street at 6pm tomorrow."
"My bank card PIN is 9-5-2-7, and the transfer amount is 3,500 US dollars."
"Regarding this batch of core chips, our final quote is a unit price of 42.50 dollars, including 13% VAT."

Demo 7: Closed-loop Conversation Eavesdropping & Manipulation on Landline Devices

Demo 7 setup diagram: closed-loop eavesdrop, synthesize, and inject pipeline against a landline phone.
(c) Case study 3: Office

Attack Process

Demo 7 follows an "Eavesdrop-Synthesize-Inject" closed-loop pipeline.

Step 1: Eavesdrop. The attacker monitors side-channel leakage to obtain call context in real time.

Step 2: Synthesize. When trigger keywords (e.g., "quote" or "confirmation") are detected, IndexTTS-2 synthesizes a forged, malicious response with the same speaker identity.

Step 3: Inject. The synthesized audio is injected into the landline output via EM coupling to maliciously manipulate the victim's decision, for example, altering a response from "agree" to "disagree".

Conversation Texts

  1. Reply: "Understood. Since they are a returning client, quote them 5 million." -> Synthesized: "Actually change it to 8 million."
  2. Reply: "Let me think about it. Yes, I agree." -> Synthesized: "Actually, I disagree."
  3. Reply: "Yes, turn right and you will see the hotel." -> Synthesized: "Sorry, please turn left."
Recordings provided for each exchange: Secret Audio, InjectEave w/o Denoise, InjectEave w/ Denoise, Synthesized Audio, Microphone-recorded Genuine Speech, and Microphone-recorded Injected Synthesized Speech.

Part IV: Analog Microphone Inputs

Demo 8: Feasibility Test on Microphone Input

This part examines whether an analog input such as a microphone can also exhibit injection-induced leakage. The demo provides a feasibility case showing signal reception and recovery behavior.

Part V: Robustness, Selectivity, and Stealthiness

Demo 9: Robust Eavesdropping Under Multi-device and Ambient RF Interference

The attack is launched on a commercial headphone in a meeting room full of operating electronics and BLE/Wi-Fi appliances, forming a noisy RF environment. The recovered audio remains stable in the presence of nearby active electronics and ambient RF activity.

Demo 10: Frequency Selectivity and Spatial Selectivity

The adversary was initially configured to eavesdrop on the PHILIPS TAH2020. Tuning the carrier frequency switched the attack to the adjacent UGreen MAX2, showing that different headphone models are separable by their distinct frequency bands. Realigning the antennas then isolated one of two same-model UGreen MAX2 units, showing that spatial separation enables selectivity even between identical models.

Demo 11: Stealthiness of Single-tone Injection

The stealthiness of the injection may be compromised by detectable artifacts in the output audio, especially when the injection strength is very high. To assess whether the injected tone is detectable even under a worst-case condition, we place the transmitting antenna adjacent to the target headphone (UGreen MAX2) and radiate the single-tone injection carrier at 18 dBm, a setting verified to induce recoverable leakage.

Stealthiness evaluation setup: the transmitting antenna placed adjacent to the target UGreen MAX2 headphone, injecting the single-tone carrier at 18 dBm.
Fig. 8: Stealthiness evaluation setup
Sample texts, each spoken by a female and a male speaker, with three recordings per speaker (Secret Audio, Recorded Without Injection, Recorded With Injection):
"Let's meet at the entrance of 221B Baker Street at 6pm tomorrow."
"My bank card PIN is 9-5-2-7, and the transfer amount is 3,500 US dollars."
"Regarding this batch of core chips, our final quote is a unit price of 42.50 dollars, including 13% VAT."

Implementation & Code

InjectEave is built entirely from commodity RF equipment: a signal source, a power amplifier, transmit and receive antennas, and a spectrum analyzer, controlled from a laptop (see Fig. 4).

These are entry-level choices, and each can be swapped for higher-end equipment to push performance further: a lower-phase-noise signal source and spectrum analyzer suppress the system noise floor, a higher-power signal source and a higher-gain power amplifier strengthen the injection, and more directional antennas focus the injected energy on the target and capture more of the returning leakage, together extending the achievable eavesdropping range.

The received signal can be enhanced by a Score-based Generative Model for Speech Enhancement (SGMSE) that restores intelligible speech by filtering out the inter-modulation distortions and suppressing the background noise. The model is open-sourced on Zenodo.

FAQ

When and how much should I worry about this attack?

Whenever vulnerable analog hardware is active, an adversary can inject a carrier and induce it to leak information, without physical access to or modification of the device. Our distance results suggest that InjectEave may pose the most serious threats to everyday audio peripherals and always-on smart-home devices from up to tens of meters away. As hardware nonlinearity is inevitable in computer systems, any device built with nonlinear components is potentially exposed to this attack.

What is the broader impact of this side channel?

Audio is only one of many low-frequency analog secrets, alongside device power consumption, actuation-control signals, and analog sensor inputs. The same Injection-Modulation-Emission mechanism applies to any device with nonlinear components, and such nonlinearity is inevitable in contemporary computer systems. As a result, any device built with nonlinear components is potentially exposed to this attack.

What are some possible defenses?

InjectEave is not stopped by digital defenses such as encryption, masking, and randomization, because the leakage arises in the analog path. Hardware-aware mitigations such as twisted-pair wiring, shielding, and filtering lower the energy that the injected carrier couples into the device and so reduce the exposure. These mitigations raise the bar but do not guarantee immunity: since injection-induced leakage grows with the injected power, a well-resourced adversary can often overcome them by transmitting at higher power.

Contact

For further questions and collaboration requests, you are welcome to contact us by email.

Haoran Yan
Yan Long