Skip to main content
Presentation
UnLocIn: Unauthorized Location Inference on Smartphones without Being Caught
International Conference on Security and Privacy in Mobile Information and Communication Systems (PRISMS) (2013)
  • Le Nguyen, Carnegie Mellon University
  • Yuan Tian, Carnegie Mellon University
  • Sungho Cho, Carnegie Mellon University
  • Wookjong Kwak, Carnegie Mellon University
  • Sanjay Parab, Carnegie Mellon University
  • Yu Seung Kim, Carnegie Mellon University
  • Patrick Tague, Carnegie Mellon University
  • Joy Zhang, Carnegie Mellon University
Abstract
Location privacy has become one of the critical issues in the smartphone era. Since users carry their phones everywhere and all the time, leaking users’ location information can have dangerous implications. In this paper, we leverage the idea that Wi-Fi parameters not considered to be “sensitive” in the Android platform can be exploited to learn users’ location. Though the idea of using Wi-Fi information to breach location privacy is not new, we extend the basic idea and show that clever attackers can do so without being detected by current malware detection techniques. To achieve this goal, we develop the Unauthorized Location Inference attack (UnLocIn) that is transparent to both the victim user and the malware detection software, using the seemingly insensitive permission to access Wi-Fi state. This permission is used by 51 of the top 100 free apps on Google Play. We demonstrate that the UnLocIn attack allows the attacker to infer the victim’s location with 50 meter accuracy in 20% of cases and within a few hundred meters on average. In addition, we discuss potential defenses against our proposed UnLocIn attack.
Publication Date
June, 2013
Citation Information
Le Nguyen, Yuan Tian, Sungho Cho, Wookjong Kwak, et al.. "UnLocIn: Unauthorized Location Inference on Smartphones without Being Caught" International Conference on Security and Privacy in Mobile Information and Communication Systems (PRISMS) (2013)
Available at: http://works.bepress.com/patrick_tague/30/