UnLocIn: Unauthorized location inference on smartphones without being caught

Location privacy has become one of the critical issues in the smartphone era. Since users carry their phones everywhere and all the time, leaking users' location information can have dangerous implications. In this paper, we leverage the idea that Wi-Fi parameters not considered to be “sensitive” in the Android platform can be exploited to learn users' location. Though the idea of using Wi-Fi information to breach location privacy is not new, we extend the basic idea and show that clever attackers can do so without being detected by current malware detection techniques. To achieve this goal, we develop the Unauthorized Location Inference attack (UnLocIn) that is transparent to both the victim user and the malware detection software, using the seemingly insensitive permission to access Wi-Fi state. This permission is used by 51 of the top 100 free apps on Google Play. We demonstrate that the UnLocIn attack allows the attacker to infer the victim's location with 50 meter accuracy in 20% of cases and within a few hundred meters on average. In addition, we discuss potential defenses against our proposed UnLocIn attack.

[1]  R. Sekar,et al.  On the Limits of Information Flow Techniques for Malware Analysis and Containment , 2008, DIMVA.

[2]  Byung-Gon Chun,et al.  Vision: automated security validation of mobile apps at app markets , 2011, MCS '11.

[3]  Dieter Schmalstieg,et al.  Indoor Positioning and Navigation with Camera Phones , 2009, IEEE Pervasive Computing.

[4]  Paul A. Zandbergen,et al.  Accuracy of iPhone Locations: A Comparison of Assisted GPS, WiFi and Cellular Positioning , 2009 .

[5]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[6]  Srdjan Capkun,et al.  Attacks on public WLAN-based positioning systems , 2009, MobiSys '09.

[7]  David Kotz,et al.  Risks of Using AP Locations Discovered Through War Driving , 2006, Pervasive.

[8]  Cheng Wang,et al.  LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks , 2006, 2006 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06).

[9]  Patrick D. McDaniel,et al.  On lightweight mobile phone application certification , 2009, CCS.

[10]  Dawn Song,et al.  Privacy Scope: A Precise Information Flow Tracking System For Finding Application Leaks , 2009 .

[11]  Alessandro Orso,et al.  Dytan: a generic dynamic taint analysis framework , 2007, ISSTA '07.

[12]  Heng Yin,et al.  Dynamic Spyware Analysis , 2007, USENIX Annual Technical Conference.

[13]  James Newsome,et al.  Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.

[14]  Mauro Conti,et al.  CRePE: Context-Related Policy Enforcement for Android , 2010, ISC.

[15]  Ying Zhang,et al.  PnLUM : System for Prediction of Next Location for Users with Mobility , 2012 .

[16]  Martin L. Griss,et al.  SensOrchestra: Collaborative Sensing for Symbolic Location Recognition , 2010, MobiCASE.