But this threat is not limited to Fitbits and similar devices. The vulnerability comes from the wide range of sensors phones are equipped with — not just GPS and communications interfaces, but gyroscopes and accelerometers that can tell whether a phone is being held upright or on its side and can measure other movements too.

When designing protection for a device or a system, people make assumptions about what threats will occur. Cars, for instance, are designed to protect their occupants from crashes with other cars, buildings, guardrails, telephone poles and other objects commonly found in or near roads.

Similarly, people designing software and hardware make assumptions about what hackers might do. One of the first side-channel attacks was identified back in by cryptographer Paul Kocher, who showed he could break popular and supposedly secure cryptosystems by carefully timing how long it took a computer to decrypt an encrypted message. There have been many other attacks through the years using all sorts of different approaches. The recent Meltdown and Spectre vulnerabilities, which exploit design flaws in computer processors, are also side-channel attacks.
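An added illustration of why decryption time can depend on a secret, with the leaky routine beside a fixed-work one; it is not code from the article, which does not describe the mechanism. The square-and-multiply routine, the Montgomery ladder used as the mitigation, and the constructed modulus and keys are assumptions chosen to show the principle.

```python
# Added illustration: multiplication counts stand in for wall-clock time.
# MODULUS and both keys are constructed sample values, not real key material.
MODULUS = 2**61 - 1
KEY_BITS = 16
KEY_SPARSE = 0b1000000000000001   # two 1-bits
KEY_DENSE = 0b1111111111111111    # sixteen 1-bits


def modexp_leaky(base, exponent, modulus):
    """Square-and-multiply: work grows with the number of 1-bits in the key."""
    result, ops = 1, 0
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus    # one squaring per key bit
        ops += 1
        if bit == "1":                          # extra multiply only for 1-bits
            result = (result * base) % modulus
            ops += 1
    return result, ops


def modexp_ladder(base, exponent, modulus, bits=KEY_BITS):
    """Montgomery ladder: exactly two multiplications per bit, whatever the key.

    This models the operation count only. The Python branch below is still
    key-dependent; production code uses a vetted constant-time library.
    """
    r0, r1, ops = 1, base % modulus, 0
    for i in range(bits - 1, -1, -1):
        if (exponent >> i) & 1:
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        ops += 2
    return r0, ops


def op_counts(exponent):
    """Return (leaky_ops, ladder_ops) for one secret exponent."""
    leaky = modexp_leaky(3, exponent, MODULUS)[1]
    ladder = modexp_ladder(3, exponent, MODULUS)[1]
    return leaky, ladder


if __name__ == "__main__":
    for name, key in (("sparse", KEY_SPARSE), ("dense", KEY_DENSE)):
        leaky, ladder = op_counts(key)
        print(f"{name:6} key: leaky={leaky} ops, ladder={ladder} ops")
```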

Mobile devices are perfect targets for this sort of attack from an unexpected direction. They are stuffed with sensors, usually including at least one accelerometer, a gyroscope, a magnetometer, a barometer, up to four microphones, one or two cameras, a thermometer, a pedometer, a light sensor and a humidity sensor. Apps can access most of these sensors without asking for permission from the user. When a user taps on the screen in different locations, the phone itself rotates slightly in ways that can be measured by the three-axis micromechanical gyroscopes found in most current phones.

A tap close to the center of the screen will not move the phone much, will reach both microphones at the same time, and will sound roughly the same to all the microphones.

However, a tap at the bottom left edge of the screen will rotate the phone left and down; it will reach the left microphone faster; and it will sound louder to microphones near the bottom of the screen and quieter to microphones elsewhere on the device. Processing the movement and sound data together let us determine what key a user pressed, and we were right over 90 percent of the time.

This sort of function could be added secretly to any app and could run unnoticed by a user. The route taken by a driver, for instance, can be simplified into a series of turns, each in a certain direction and with a certain angle.

And the accelerometer showed whether a user was stopped or moving. By measuring a sequence of turns, and stringing them together as a person travels, we could make a map of their movements.

In our work, we knew which city we were tracking people through, but a similar approach could be used to figure out what city a person was in. The TeleNav tracking service is an optional feature that lets business owners track the location of their company phones.

If your phone is not signed up for the TeleNav tracking service you will be unable to locate your phone using this technique.

