Hackers Can Track Subway Riders' Movements By Smartphone Accelerometer
Patrick O'Neill writes: Tens of millions of daily subway riders around the world can be tracked through their smartphones by a new attack, according to research from China's Nanjing University. The new attack even works underground and doesn't utilize GPS or cell networks. Instead, the attacker steals data from a phone's accelerometer. Because each subway in the world has a unique movement fingerprint, the phone's motion sensor can give away a person's daily movements with up to 92% accuracy.
Read the article closer. Nowhere does it say that a stock phone is susceptible to this sort of attack. The story is presuming that malware has been installed onto the phone. Then, shockingly, software that has been granted access to the hardware can read the hardware. Inertial navigation systems have been in use since at least WW II. And if you have software on the phone that has purloined access to the accelerometer... it would likely also have access to the wifi, cell and GPS stuff too.
The privacy concerns are troubling, but I can't help thinking that's pretty cool.
Here in Melbourne, Australia our train system has a unique movement footprint.
Accelerating and braking for no reason, trains that skip stations or terminate at random ones; this baby's got it all. Good luck decoding the position from that.
Because the accelerometer is often free to use. Accessing GPS requires permission and often has an indicator.
With this, an app can use the accelerometer surreptitiously while leaving no indication that movement is being tracked - so many apps use it that no one gives a second thought. Using GPS often brings up an alert so the user knows they're being tracked. If your app uses the accelerometer anyways, you can sell that information for tracking. Whereas if your app suddenly popped up "MyCoolApp needs to use the GPS - Allow/Deny?" then people get suspicious.
At least it does on iOS. I don't know - do apps have free rein over the GPS on Android or do you get alerts when they attempt to use it?