Malware Tracks a Smartphone Without Location Data

Uploaded on 2015-03-10 in TECHNOLOGY--Developments, FREE TO VIEW, TECHNOLOGY--Hackers

The way your smartphone uses power provides a simple way to track it, say computer scientists who have developed an app to prove it.

Nobody wants to think they are being tracked evenhough they carry the technology to do so in their own pockets. That's why the Android and iOS operating system prevent third party apps from accessing location data without the specific permission of the user. But it turns out that malware can track you anyway, without this data.

Malicious software can determine the position of a smartphone simply by measuring the way it uses the power. The technique is straightforward in theory. The idea is that a smartphone's power usage depends largely on the distance from the nearest base station. As a user moves, this distance changes, increasing or decreasing the power needed to communicate with a base station. So the power usage profile is strongly correlated with the movement of the phone, or in other words, with the route taken by its owner. Given several different potential routes, the power usage profile should reveal which the user has taken.

So what can be done to prevent this kind of spying? One option is to prevent apps gaining access to power usage data at all, although this is probably overkill. A better option is to give apps access to power usage data other than those involved in radio communication.

That should be straightforward to implement, if Android or iOS can be bothered.

Technology Review

 

« Kenya: Step Up Cyber War Against Al Shabaab
The Future of Government Surveillance - Looks Like This »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

High-Tech Bridge

High-Tech Bridge

High-Tech Bridge SA is a Swiss MSSP provider offering security auditing, source code review and computer forensics.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

Team8

Team8

Team8 is Israel’s most prestigious cybersecurity think tank and venture creation foundry.

HackCon Norway

HackCon Norway

HackCon is for the people who are interested in technology, psychology, IT and security, and who wants to improve their knowledge within these areas.

Cienaga Systems

Cienaga Systems

Cienaga Systems is a leader in autonomous cyber threat hunting technology.

Merlin Cyber

Merlin Cyber

Merlin is a premier cybersecurity platform that leverages security technologies, trusted relationships, and capital to develop and deliver groundbreaking security solutions.

NuCrypt

NuCrypt

NuCrypt is developing technology that is applicable to ultrahigh security data encryption as well as key distribution.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

TrustGrid

TrustGrid

Trustgrid is a pioneer and leader in secure, cloud-native software-defined connectivity.

Air IT

Air IT

Air IT are a responsive, client-focused and award-winning Managed Service Provider, helping clients achieve success and transformation through their IT and communications.

Trustifi

Trustifi

Trustifi leads the market with the easiest to use and deploy email security products, providing both inbound and outbound email security from a single vendor.

StealthPath

StealthPath

StealthPath is focused on endpoint protection, securing the “implicit trust” vulnerabilities of current leading information security solutions.

NexGen Cyber

NexGen Cyber

NexGen Cyber helps customers in commercial SMB markets with IT security, security integration, service management, outsourced service transition, and transformative security solutions.

Geobridge

Geobridge

Geobridge was one of the first information security solutions providers to support cryptography and payment applications for payment processors, financial institutions and retail organizations.

SUCCESS Computer Consulting

SUCCESS Computer Consulting

SUCCESS Computer Consulting is a leader in managed IT and security services for small and medium-sized businesses in Minneapolis, St. Paul, and the surrounding Twin Cities Metro area.

Palindrome Technologies

Palindrome Technologies

Palindrome Technologies help clients defend against cyberattacks across all attack surfaces, including hardware, software, network-to-cloud, people, and emerging technologies.