Just because there's no signal in underground subway tunnels doesn't mean hackers can't track you as you ride the rails. New research shows that clever hackers can track the movements of millions of subway riders around the world by breaking into smartphone motion detectors, new research from Chinese academics reveals.
The attack tracks subway riders with 92 percent accuracy.
The ability to track subway riders represents a significant security threat to the tens of millions of people who use public transportation each day, especially military officials and senior civil service employees.
There are more than 5.5 million daily New York City subway passengers, representing a broad swatch of government, law enforcement, judiciary and industry who are exposed to tracking.
"If an attacker can trace a smartphone user for a few days, he may be able to infer the user’s daily schedule and living/working areas and thus seriously threaten her physical safety," wrote Jingyu Hua, Zhenyu Shen, and Sheng Zhong of Nanjing University. "Another interesting example is that if the attacker finds Alice and Bob often visit the same stations at similar non-working times, he may infer that Bob is dating Alice."
Smartphones are considered God’s gift to spies. They offer a wide variety of tracking tools, from the browser to the GPS sensor, and they stay with their owners all day, every day. In short, they're the perfect spy technology.
What is particularly startling about the new research is that it works without either cell service or GPS, both of which are heavily protected from attackers and won't work underground anyway.
Motion sensors, like the accelerometer that enables screen rotation, are in theory less useful to an attacker yet can still be vulnerable and can give vital information away.
In this case they can be used to infer location because every subway in the world has a unique fingerprint, the researchers found, and every time a train runs between two stations, that fingerprint can be read in the accelerometer, giving hackers access to crucial positioning information.
“The cause is that metro trains run on tracks, making their motion patterns distinguishable from cars or buses running on ordinary roads,” the researchers wrote. “Moreover, due to the fact that there are no two pairs of neighboring stations whose connecting tracks are exactly the same in the real world, the motion patterns of the train within different intervals are distinguishable as well.”
The researchers attack learns each subway’s fingerprint and then installs malware on a target’s phone that steals accelerometer readings and maps their patterns back to the unique train fingerprints.
The researchers confirmed their findings by performing experiments in China by tracking volunteers carrying smartphones through subways in Nanjing. The accuracy of their lcoation tracking reached 70 to 92 percent.
The attack is "more effective and powerful than using GPS or cellular network to trace metro passengers," the researchers said, because accelerometers aren't protected the way GPS and cell networks are in the phone's security settings.
An accelerometer can, in fact, be accessed, run, and read without the user knowing, while smartphones display indicators pop up when GPS or cell service is being used, tipping the user off that something is running in the background.