Researchers Track Subway Rider’s Movements Through Mobile Phones

Tuesday, June 09, 2015

Anthony M. Freed

6d117b57d55f63febe392e40a478011f

A team of Chinese researchers say they have devised a methodology to track the movements of subway riders through motion detectors that are standard features on most mobile phones.

While GPS signals and those that are part of the cell phone carrier’s network are typically well protected to prevent unwanted surveillance by random attackers, motion sensors such as the accelerometer that enables screen rotation based on the position of the device are susceptible to tracking, according to the research.

Subways have a unique fingerprint because they run on tracks that designate a predetermined path, and the researchers say they have created a method distinguish each subway route by gathering data from cell phone accelerometers by way of malware on a target’s phone.

“The cause is that metro trains run on tracks, making their motion patterns distinguishable from cars or buses running on ordinary roads. Moreover, due to the fact that there are no two pairs of neighboring stations whose connecting tracks are exactly the same in the real world, the motion patterns of the train within different intervals are distinguishable as well.”

“If an attacker can trace a smartphone user for a few days, he may be able to infer the user’s daily schedule and living/working areas and thus seriously threaten her physical safety,” the researchers said.

Accelerometers can be accessed, run, and monitored without users noticing because they do not have display indicators like GPS and cell service features, and the only way a target might notice they are being tracked is by an excessive drain on their device’s battery, as the attacker has to continuously access the accelerometer.

The research has yet to be peer reviewed, but the researcher said they have tested the technique by tracking volunteers carrying smartphones through subways in Nanjing with up to a 92% accuracy rate.

This was cross-posted from the Dark Matters blog.

11042
General Impersonation Phishing Phreaking General PDAs/Smart Phones
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.