Abstract
The localization techniques used in today’s smartphone are mainly based on Global Positioning System (GPS). However, GPS Sensors cannot work properly under in-door and underground locations. Therefore, many applications utilize device sensors such as accelerometer, gyrometer, and magnetometer for indoor localization. In this paper, we present a misuse case of how device sensors can be used to exploit the privacy of a user by geo-tracking. We propose an attack model through which the user location can be compromised without using the GPS sensors. The proposed attack model comprises of two stages. The first stage consists of deployment of the malicious application on the users’ smart-phones and gathering the information of various sensors in the background. The collected sensor data is uploaded to the malicious cloud server set up by the adversary. The second stage consists of pre-processing the sensor data received from the malicious cloud server and plot the user’s trajectory onto a graph in real-time. The proposed attack model is evaluated by developing two applications. The victim application tracks location, direction, and trajectory of the user without any location permission from the user. The proposed model achieves an accuracy of 98% without using special infrastructure and separate training phase. Further, we have discussed three mitigation schemes, which can be adapted by the Android developers in order to protect the user’s privacy.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.