Khaleej Times

Your phone can give away your location

Tech Talk, by Guevara Noubir. Guevara Noubir is Professor of Computer and Information Science, Northeastern University. —The Conversation

US military officials were recently caught off guard by revelations that service members’ digital fitness trackers were storing the locations of their workouts — including at or near military bases and clandestine sites around the world. But this threat is not limited to Fitbits and similar devices. Mobile phones can also track their users through stores and cities and around the world — even when users turn off their phones’ location-tracking services.

The vulnerability comes from the wide range of sensors phones are equipped with — not just GPS and communications interfaces, but gyroscopes and accelerometers that can tell whether a phone is being held upright or on its side and can measure other movements, too. Apps on the phone can use those sensors to perform tasks users aren’t expecting — like following a user’s movements turn by turn along city streets.

Most people expect that turning their phone’s location services off disables this sort of mobile surveillance. But research uncovers ways that apps can avoid or escape those restrictions. We have revealed how a phone can listen in on a user’s finger-typing to discover a secret password and how simply carrying a phone in your pocket can tell data companies where you are and where you’re going.

When designing protection for a device or a system, people make assumptions about what threats will occur. Cars, for instance, are designed to protect their occupants from crashes with other cars, buildings, guardrails, telephone poles and other objects commonly found in or near roads. They’re not designed to keep people safe in cars driven off a cliff or smashed by huge rocks dropped on them. It’s just not cost-effective to engineer defenses against those threats, because they’re assumed to be extremely uncommon.

Similarly, people designing software and hardware make assumptions about what hackers might do. But that doesn’t mean devices are safe. One of the first side-channel attacks was identified back in 1996 by cryptographer Paul Kocher, who showed he could break popular and supposedly secure cryptosystems by carefully timing how long it took a computer to decrypt an encrypted message. The cryptosystem designers hadn’t imagined that an attacker would take that approach, so their system was vulnerable to it.

Mobile devices are perfect targets for attack from an unexpected direction. They are stuffed with sensors, usually including at least one accelerometer, a gyroscope, a magnetometer, a barometer, up to four microphones, one or two cameras, a thermometer, a pedometer, a light sensor and a humidity sensor.

Apps can access most of these sensors without asking for permission from the user. And by combining readings from two or more devices, it’s often possible to do things that users, phone designers and app creators alike may not expect. An app was developed that could determine what letters a user was typing on a mobile phone’s keyboard — without reading inputs from the keyboard. Rather, information was combined from the phone’s gyroscope and its microphones.

When a user taps on the screen in different locations, the phone itself rotates slightly in ways that can be measured by the three-axis micromechanical gyroscopes found in most current phones. Further, tapping on a phone screen produces a sound that can be recorded on each of a phone’s multiple microphones.

A tap close to the centre of the screen will not move the phone much, will reach both microphones at the same time, and will sound roughly the same to all the microphones. However, a tap at the bottom left edge of the screen will rotate the phone left and down; it will reach the left microphone faster; and it will sound louder to microphones near the bottom of the screen.

So, can a malicious application infer a user’s whereabouts, including where they lived and worked, and what routes they traveled – information most people consider very private?

The route taken by a driver, for instance, can be simplified into a series of turns, each in a certain direction and with a certain angle. With another app, a phone’s compass was used to observe the person’s direction of travel.

Research is continuing to investigate how side-channel attacks can be used to reveal a variety of private information. For instance, measuring how a phone moves when its owner is walking could suggest how old a person is, whether they are male (with the phone in a pocket) or female (typically with the phone in a purse), or even health information. We assume there is more your phone can tell a snoop — and we hope to find out what, and how, to protect against that sort of spying.
