Even when you’re unable to maintain mobile and GPS connections underground, hackers may still be able to keep track of you. Researchers have discovered that they can trace the movements of train passengers with 92 per cent accuracy, using just the motion sensing aboard smartphones.
A team of researchers from Nanjing University has developed a technique which uses the distinctive routes of subway systems to match up data from a user’s phone to their real-life subterranean motion. “[M]etro trains run on tracks, making their motion patterns distinguishable from cars or buses running on ordinary roads,” write the researchers, in a paper that’s yet to be peer-reviewed. “Moreover, due to the fact that there are no two pairs of neighbouring stations whose connecting tracks are exactly the same in the real world, the motion patterns of the train within different intervals are distinguishable as well.”
Using that fact, reports Daily Dot, they have developed a system which installs malware on a user’s phone to steal accelerometer data, then compares it to subway fingerprints that are learned from existing travel data. When they sent out a team of volunteers with compromised handsets, they were able to track their trips through the subways of Nanjing with between 70 and 92 per cent accuracy. In a paper, the researchers explain the implications:
“If an attacker can trace a smartphone user for a few days, he may be able to infer the user’s daily schedule and living/working areas and thus seriously threaten her physical safety. Another interesting example is that if the attacker finds Alice and Bob often visit the same stations at similar non-working times, he may infer that Bob is dating Alice.”
All this is made possible because accelerometer data isn’t as carefully guarded as GPS and mobile connections; users aren’t alerted when an app reads information form a phone’s motion sensor, for instance. In a world where mobile data, Wi-Fi and GPS can’t penetrate, the train may have seemed like a safe haven in which to avoid tracking. That seemingly isn’t the case. [arXiv via Daily Dot]
Picture: Subodh Bharati/Flickr