Paper Info
Title
Inferring User Routes and Locations Using Zero-Permission Mobile Sensors
Abstract
Leakage of user location and traffic patterns is a serious security threat with significant implications on privacy as reported by recent surveys and identified by the US Congress Location Privacy Protection Act of 2014. While mobile phones can restrict the explicit access to location information to applications authorized by the user, they are ill-equipped to protect against side-channel attacks. In this paper, we show that a zero-permissions Android app can infer vehicular users' location and traveled routes, with high accuracy and without the users' knowledge, using gyroscope, accelerometer, and magnetometer information. We modeled this problem as a maximum likelihood route identification on a graph. The graph is generated from the OpenStreetMap publicly available database of roads. Our route identification algorithms output both a ranked list of potential routes as well a ranked list of route-clusters. Through extensive simulations over 11 cities, we show that for most cities with probability higher than 50% it is possible to output a short list of 10 routes containing the traveled route. In real driving experiments (over 980 Km) in the cities of Boston (resp. Waltham), Massachusetts, we report a probability of 30% (resp. 60%) of inferring a list of 10 routes containing the true route.
Year
DOI
Venue
2016
10.1109/SP.2016.31
2016 IEEE Symposium on Security and Privacy (SP)
Keywords
Field
DocType
Mobile security,Android security,User privacy,Privacy leakage,Side channel attacks,Android sensors,Location inference,Tracking
Permission,Graph,Internet privacy,Ranking,Computer security,Computer science,Maximum likelihood,Side channel attack,Mobile telephony,Trajectory,restrict
Conference
ISSN
ISBN
Citations 
1081-6011
978-1-5090-0825-4
21
PageRank 
References 
Authors
0.87
22
4
Name
Order
Citations
PageRank
Sashank Narain1423.47
Triet Vo Huu2615.60
Kenneth Block3262.36
Guevara Noubir488775.90