Researchers track commuters using stolen mobile accelerometer data

Security researchers have tracked commuters with over 90 percent accuracy through accelerometer data stolen from Android smartphones.

In a paper describing the research, titled "We Can Track You If You Take the Metro: Tracking Metro Riders Using Accelerometers on Smartphones" (.PDF), a security team hailing from Nanjing University, China say they were able to use motion accelerometers as a side-channel for an attack aimed at tracking users with up to 92 percent accuracy.

Motion sensors are often included in today's modern smartphones. When it comes to Android devices, the team says they were able to tap into and steal accelerator readings in order to trace commuters, in part because this data does not require specific permissions to access.

The researchers used an interval classifier built based upon semi-supervised machine learning techniques which crunched data from different accelerator sources to track their victims -- merging accelerometer and train station location data to determine where a user was located on their commute. Malware installed on eight volunteer smartphones automatically read and uploaded accelerometer readings.

Testing their theory on a metro in a major Chinese city, the researchers were able to track Android users visiting four and six stations with an accuracy of 89 and 92 percent, respectively. These readings and accuracy could be increased if a wider net of study was conducted, as long as location data was collected at other stations. The team explain:

"We find that if a person with a smartphone takes the metro, a malicious application on her smartphone can use the accelerometer readings to trace her, i.e., infer where she gets on and off the train. The cause is that metro trains run on tracks, making their motion patterns distinguishable from cars or buses running on ordinary roads.
It is possible that the running of a train between two neighboring stations produces a distinctive fingerprint in the readings of 3-axis accelerometer of the mobile device, leveraging which attackers can infer the riding trace of a passenger."

The paper says the attack is more effective and powerful than GPS or cellular network data, as metro trains often run underground which disrupts cellular signals, and GPS-based apps usually require specific user permission to enable.

The team says this attack could be particularly threatening for a number of reasons. Mobile platforms including Android allow apps to access accelerometer data without requiring special permissions or specific user consent, and therefore it is "extremely easy" for threat actors to create malware which would eavesdrop on the accelerometer.

The team also point to how many people use metro stations in major cities -- such as the New York City Subway which caters for between 2.5 million and 5.5 million commuters a day -- and how such malware could then in theory affect a vast population.

Finally, and perhaps more importantly, a victim's daily schedule could be inferred from this tracking. An attacker could read the daily movements of a victim through their commute, and therefore after a few days work out other details such as when they are at home and work, where they go for other activities and predict where they are likely to be at particular times.

The researchers suggest that such attacks could be disrupted or prevented by introducing noise into Android sensor readings which would scramble location-based information. In addition, although less obvious, the team says constant requests for data collection will ramp up power consumption, and so monitoring apps with high battery use could reveal malware at work.