UnLocIn: Unauthorized Location Inference on Smartphones without Being Caught
International Conference on Security and Privacy in Mobile Information and Communication Systems (PRISMS) (2013)
Abstract: Location privacy has become one of the critical issues in the smartphone era. Since users carry their phones everywhere and all the time, leaking users’ location information can have dangerous implications. In this paper, we leverage the idea that Wi-Fi parameters not considered to be “sensitive” in the Android platform can be exploited to learn users’ location. Though the idea of using Wi-Fi information to breach location privacy is not new, we extend the basic idea and show that clever attackers can do so without being detected by current malware detection techniques. To achieve this goal, we develop the Unauthorized Location Inference attack (UnLocIn) that is transparent to both the victim user and the malware detection software, using the seemingly insensitive permission to access Wi-Fi state. This permission is used by 51 of the top 100 free apps on Google Play. We demonstrate that the UnLocIn attack allows the attacker to infer the victim’s location with 50 meter accuracy in 20% of cases and within a few hundred meters on average. In addition, we discuss potential defenses against our proposed UnLocIn attack.
Publication Date: June, 2013
Citation Information: Le Nguyen, Yuan Tian, Sungho Cho, Wookjong Kwak, et al. "UnLocIn: Unauthorized Location Inference on Smartphones without Being Caught" International Conference on Security and Privacy in Mobile Information and Communication Systems (PRISMS) (2013)
Available at: http://works.bepress.com/patrick_tague/30/