Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Can Track Subway Riders' Movements By Smartphone Accelerometer

Posted by samzenpus on from the all-the-better-to-follow-you-with dept.

Patrick O'Neill writes: Tens of millions of daily subway riders around the world can be tracked through their smartphones by a new attack, according to research from China's Nanjing University. The new attack even works underground and doesn't utilize GPS or cell networks. Instead, the attacker steals data from a phone's accelerometer. Because each subway in the world has a unique movement fingerprint, the phone's motion sensor can give away a person's daily movements with up to 92% accuracy.

6 of 69 comments (clear)

  1. Yay by bobstreo · · Score: 3, Insightful

    Now if there were any subways anywhere near where I lived.

    If the accelerometer has such poor security, what other components/sensors are vulnerable?

    1. Re:Yay by tlhIngan · · Score: 4, Insightful

      Yeah, wouldn't it make sense to see where the GPS signal dies, and when it comes back, and persume they took transport from one position to the other? No inertia guessing needed. The Yellow to the Red line is the only way to connect those dots without looping or doubling back. So why do you need to have the accelerometer to confirm?

      Because the accelerometer is often free to use. Accessing GPS requires permission and often has an indicator.

      With this, an app can use the accelerometer surreptitiously while leaving no indication that movement is being tracked - so many apps use it that no one gives a second thought. Using GPS often brings up an alert so the user knows they're being tracked. If your app uses the accelerometer anyways, you can sell that information for tracking. Whereas If you app suddenly popped up "MyCoolApp needs to use the GPS - Allow/Deny?" then people get suspicious.

      At least it does on iOS. I don't know - do apps have free reign over the GPS on Android or do you get alerts when they attempt to use it?

  2. One more hacker tool among many by Tablizer · · Score: 3, Insightful

    If a hacker has access to accelerometer data, he/she probably has access to lots of OTHER personal info also.

    --
    Table-ized A.I.
  3. Progress! by Livius · · Score: 5, Insightful

    The privacy concerns are troubling, but I can't help thinking that's pretty cool.

  4. Re:Add to the list of paranoid gear by Em+Adespoton · · Score: 3, Insightful

    They don't tend to block acceleration, nor do they block data exfiltration when you remove your phone from them to make/receive calls.

  5. "Up To" by Dwedit · · Score: 3, Insightful

    Because 0% accuracy is also "Up To 92%" accuracy.