No One Needs Your Permission! How Phones Can Be Used to Track You Even with GPS and Location Turned Off
Disabling location, WiFi and GPS is often believed to be a way to stop tracking - both by advertisers and malicious attackers. However, our phones can still be tracked even with these services turned off. Princeton researchers have revealed that location can be determined by combining information from the device and public sources.
Arsalan Mosenia, Xiaoliang Dai, Prateek Mittal, and Niraj Jha of Princeton University and IEEE released their latest report [PDF] that brings to the front the amount of data that smartphones collect and how this could be used to further attack user privacy. "With the pervasive use of smartphones that sense, collect, and process valuable information about the environment, ensuring location privacy has become one of the most important concerns in the modern age," researchers wrote.
"A few recent research studies discuss the feasibility of processing data gathered by a smartphone to locate the phone's owner, even when the user does not intend to share his location information, e.g., when the Global Positioning System (GPS) is off."
Attacking location privacy by combining phone data with publicly available information
The group discusses how attackers don't even need to know about the target's initial location or use device features like its acceleration to construct potential routes in advance. They focus on PinMe, a mechanism that exploits sensory and non-sensory data already stored on the smartphone to compromise user's location privacy.
This data may include the "environment's air pressure, along with publicly-available auxiliary information, e.g., elevation maps, to estimate the user's location when all location services, e.g., GPS, are turned off." This could also include non-sensory data that is often considered trivial like the smartphone’s timezone and network status.
Researchers said that this "seemingly benign" data stored by smartphones and often accessed by third-party apps could be used along with publicly available "auxiliary data" like "maps, transportation time tables, airports’ specification databases, weather reports, and trains’ heading dataset" to develop an attack against user's location privacy. For example, using IP address, they can make a guess at the city while barometer data could be used to check if a user is on a plane.
PinMe first came to the front last year
This isn't the first time that such an attack has come to the front. The same group released a report last year focusing on this mechanism. Developing PinMe app, they were able to mine information already stored on smartphones that doesn’t require permission for access, and combined it with public data to expose phone's location.
- Using data from gyroscopes, accelerometers, and altitude sensors, for example, they were able to track how fast the person was moving, the direction of their travel, when the subject stopped, and their altitude.
- After aggregating this data, they used algorithms to determine the user's initial location and mode of travel (plane, train, walking).
- After this, they used publicly accessible maps (like OpenStreetMap and elevations maps) to draw a user's route. They also added temperature, humidity and air pressure readings into their data for accuracy.
Looking at how much data fitness apps alone are mining from users (based on gyroscopes, accelerometers, and other sensors), it is almost frighteningly easy for app developers to track their users. This access puts users at risk of exposure to attackers, as well, as we saw in the case of Strava where exact location of military personnel were leaked online.
"PinMe demonstrates how information from seemingly innocuous sensors can be exploited using machine-learning techniques to infer sensitive details about our lives," Prateek Mittal, assistant professor in Princeton’s Department of Electrical Engineering and PinMe paper co-author said.
Security experts have called this attack "extremely potent," and are encouraging the community to work on solutions that could enable users to prevent these attacks. Security and privacy advocates are also demanding OS makers to introduce on/off switches for sensors that would enable users to stop apps from mining information just like they can no longer receive location data if the toggle is turned off. In the meantime, users are recommended not to stop disabling location, GPS, and access to other data as it just makes things easy. For what it's worth, the PinMe attack appears to be a "novel mechanism" potentially employed by well-resourced groups - threat actors or otherwise.
- Slightly modified for clarity and more information.