Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

MarcoPolo: A Zero-Permission Attack for Location Type Inference from the Magnetic Field using Mobile Devices

Beatrice Perez, Abhinav Mehrotra, Mirco Musolesi

TL;DR

This paper argues that applications can still infer the coarse-grain location information by using alternative sensors that are available in off-the-shelf mobile devices that do not require any permissions from the users.

Abstract

Location information extracted from mobile devices has been largely exploited to reveal our routines, significant places, and interests just to name a few. Given the sensitivity of the information it reveals, location access is protected by mobile operating systems and users have control over which applications can access it. We argue that applications can still infer the coarse-grain location information by using alternative sensors that are available in off-the-shelf mobile devices that do not require any permissions from the users. In this paper we present a zero-permission attack based on the use of the in-built magnetometer, considering a variety of methods for identifying location-types from their magnetic signature. We implement the proposed approach by using four different techniques for time-series classification. In order to evaluate the approach, we conduct an in-the-wild study to collect a dataset of nearly 70 hours of magnetometer readings with six different phones at 66 locations, each accompanied by a label that classifies it as belonging to one of six selected categories. Finally, using this dataset, we quantify the performance of all models based on two evaluation criteria: (i) leave-a-place-out (using the test data collected from an unknown place), and (ii) leave-a-device-out (using the test data collected from an unknown device) showing that we are able to achieve 40.5% and 39.5% accuracy in classifying the location-type for each evaluation criteria respectively against a random baseline of approximately 16.7% for both of them.

MarcoPolo: A Zero-Permission Attack for Location Type Inference from the Magnetic Field using Mobile Devices

TL;DR

This paper argues that applications can still infer the coarse-grain location information by using alternative sensors that are available in off-the-shelf mobile devices that do not require any permissions from the users.

Abstract

Location information extracted from mobile devices has been largely exploited to reveal our routines, significant places, and interests just to name a few. Given the sensitivity of the information it reveals, location access is protected by mobile operating systems and users have control over which applications can access it. We argue that applications can still infer the coarse-grain location information by using alternative sensors that are available in off-the-shelf mobile devices that do not require any permissions from the users. In this paper we present a zero-permission attack based on the use of the in-built magnetometer, considering a variety of methods for identifying location-types from their magnetic signature. We implement the proposed approach by using four different techniques for time-series classification. In order to evaluate the approach, we conduct an in-the-wild study to collect a dataset of nearly 70 hours of magnetometer readings with six different phones at 66 locations, each accompanied by a label that classifies it as belonging to one of six selected categories. Finally, using this dataset, we quantify the performance of all models based on two evaluation criteria: (i) leave-a-place-out (using the test data collected from an unknown place), and (ii) leave-a-device-out (using the test data collected from an unknown device) showing that we are able to achieve 40.5% and 39.5% accuracy in classifying the location-type for each evaluation criteria respectively against a random baseline of approximately 16.7% for both of them.
Paper Structure (29 sections, 6 figures, 5 tables)

This paper contains 29 sections, 6 figures, 5 tables.

Table of Contents

  1. Introduction
  2. Overview
  3. Key Concepts
  4. Motivation
  5. Related Work
  6. Model-Based Localization
  7. Fingerprint-Based Localization
  8. Contribution to the State of the Art
  9. Methodology
  10. Techniques for Feature Extraction
  11. Full Signal Matching.
  12. Statistical Descriptors.
  13. Automated Feature Extraction.
  14. Shapelets (in Time Domain).
  15. Shapelets (in Frequency Domain).
  16. ...and 14 more sections

Figures (6)

  • Figure 1: Overview of the zero-permission attack leveraging the magnetometer of mobile devices to capture magnetic field readings.
  • Figure 2: Visual representation of a shapelet. In the figure, each sequence is the longest common time-series present in at least 90% of the observations for each location-type. The length of the shapelet can vary per class as it is possible to observe in the plot. Some might be shorter than others.
  • Figure 3: Confusion matrices for the methods evaluated for the leave-a-place-out scenario for the best classifier/configuration.
  • Figure 4: Confusion Matrix for the best configuration: Leave-a-Place-Out.
  • Figure 5: Confusion matrices for the methods evaluated for the leave-a-device-out scenario for the best classifier/configuration.
  • ...and 1 more figures