Location Privacy Violation via GPS-agnostic Smart Phone Car Tracking

 

ABSTRACT

 

Smart phones nowadays are equipped with GPS chips to enable navigation and location-based services. A malicious app with the access to GPS data can easily track the person who carries the smart phone. People may disable the GPS module and turn it on only when necessary to protect theirl ocation privacy. However, in this paper, we demonstrate that an attacker is still able to track a person by using the embedded magnetometer sensor in victim’s smart phone, even when the GPS module is disabled all the time. Moreover, this attack neither requests user permissions related to locations for installation, nor does its operation rely on wireless signals like WiFi positioning or suffer from signal propagation loss. Only the angles of a car’s turning measured by the magnetometer sensor of a driver’s smart phone are utilized. Without loss of generality, we focus on car tracking, since cars are popular transportation tools in developed countries, where smart phones are commonly used. Inspired by the intuition that a car may exhibit different turning angles at different road intersections, we find that an attacker can match car turning angles to a map to infer the actual path that the driver takes. We address technical challenges about car turn angle extraction, map database construction, and path matching algorithm design to make this attack practical and efficient. We also perform an evaluation using real-world driving paths toverify the relationship between the numbers of turns and the time cost of the matching algorithm. The results show that it is possible for attacker to precisely pinpoint the actual path when the driving path includes 11 turns or more. More simulations are performed to demonstrate the attack with lager selected local areas.

EXISATING SYSTEM:

Global Positioning Systems (GPS) are widely used in military and civilian applications for navigation and localization. Advancements in mobile technologies further allow GPS to be integrated into mobile devices to provide various location based services (LBS). Indeed, more and more emerging smart phone apps like Instagram , Uber, Google Drive, WhatsApp, etc. can access GPS data, and hence concerns have been raised regarding location privacy . Malicious apps with access

to the GPS can easily track geographic movement traces of a person, and consequently discover sensitive personal information health conditions, and hobbies. To avoid being tracked, one intuitive method is to disable the GPS module on smart phones. People who are concerned about privacy may turn on GPS only when necessary. However, in this paper, we reveal a new attack that tracks a person without requiring the access to the GPS module. We herein focus on driver tracking, because cars are the most commonly used transportation tool in developed countries. To attract victims, the attacker may camouflage a malicious app in the form of a free game, social network tool, music player, etc. Once downloaded, the installation of the malicious app neither requests user permissions related to locations, nor does the operation of the app rely on wireless signals for localization like WiFi positioning. Hence, it does not suffer from the permission control mechanisms of current smart phones or the propagation loss of radio signals.

PROPOSED SYSTEM:

In this paper, we discover a new attack that uses a smart phone to track a car without requesting access to GPS module on this phone. The attacker first detects the angles of car turns utilizing the changing magnitude of compass readings, which can be collected from a magnetometer sensor installed on the smart phone, and then compares car turn angles with road intersection angles to find the path traversed by a target driver. in this paper, we demonstrate that an attacker is still able to track a person by using the embedded magnetometer sensor in victim’s smart phone, even when the GPS module is disabled all the time. Moreover, this attack neither requests user permissions related to locations for installation, nor does its operation rely on wireless signals like WiFi positioning or suffer from signal propagation loss. Only the angles of a car’s turning measured by the magnetometer sensor of a driver’s smart phone are utilized. Without loss of generality, we focus on car tracking, since cars are popular transportation tools in developed countries, where smart phones are commonly used. Inspired by the intuition that a car may exhibit different turning angles at different road intersections, we find that an attacker can match  car turning angles to a map to infer the actual path that the driver takes. We address technical challenges about car turn angle extraction, map database construction, and path matching algorithm design to make this attack practical and efficient. We also perform an evaluation using real-world driving paths to verify the relationship between the numbers of turns and the time cost of the matching algorithm.

CONCLUSION :

In this paper, we discover a new attack that uses a smart phone to track a car without requesting access to GPS module on this phone. The attacker first detects the angles of car turns utilizing the changing magnitude of compass readings, which can be collected from a magnetometer sensor installed on the smart phone, and then compares car turn angles with road intersection angles to find the path traversed by a target driver. To enable the comparison, the attacker also creates its own map database through refining that which is provided by the OSM project. We validate the impact of the attack through 30 driving paths collected from real-world driving experiences.