Security researchers were able to monitor cell phones into a subway με ακρίβεια 90% μέσω των δεδομένων που κλέβουν από το επιταχυνσιόμετρα των Android smartphones.
A PDF document published by security researchers from the Nanjing University of Nanjing, China, says that with motion accelerometer data they help them track the target accurately up to 92%.
Η study is called “We Can Track You If You Take the Metro: Tracking Metro Riders Using Accelerometers on Smartphones” and you can read from here.
Motion sensors are included in modern smartphones. As far as Android devices are concerned, the team reports that they were able to accelerator data because these items do not require special access rights.
Researchers, by combining station and accelerometer position data, were able to determine how the user moves. They used malware that had installed them on smartphones of eight volunteers. Malware read and automatically sent accelerometer data.
Their trials took place in the metro of a large city in China, and researchers were able to locate users of Android users in six stations with an accuracy of up to 92 per cent.
The team explains:
"We believe that if a person with a smartphone containing a malicious application takes the subway, hackers can use the accelerometer to locate him. The reason is that subway trains run on rails, which make their movement much more noticeable than cars or buses that run on normal roads.
It is possible that the movement of a train between two adjacent stations produces (something like) a characteristic fingerprint for the accelerometer of a mobile devices, a vulnerability that helps attackers track a passenger.”
The study says the attack is much more effective and more powerful than a GPS attack or a mobile phone network, as trains in the subway disturb cellular signals and GPS-based applications. It is known that we do not have a signal in the metro.
The team says vulnerability allows the victim's daily program to be recorded. An attacker could read the victim's daily movements through his movements and he will know very personal details, such as when he is at work, when at home, or any other activities.
After careful study of the victim's program, malicious users would be able to predict its movements.
Researchers suggest that such attacks could be disrupted or prevented by the introduction of noise in the Android sensor measurements that collect location-based location information.
In addition, the team says that constant requests for data collection would require a lot of energy, which would seem battery.