TY - GEN
T1 - WheelLogger
T2 - 18th World International Conference on Information Security and Application, WISA 2017
AU - Park, Joon Young
AU - Yun, Jong Pil
AU - Lee, Dong Hoon
N1 - Funding Information:
Acknowledgement. This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (R7117-17-0161, Anomaly detection framework for autonomous vehicles).
Publisher Copyright:
© 2018, Springer International Publishing AG, part of Springer Nature.
PY - 2018
Y1 - 2018
N2 - Location-related data is one of the most sensitive data for user privacy. Theft of location-related information on mobile device poses serious threats to users. Even though the extant confirmation of permissions feature on modern smart devices can prevent direct leakage of information from location-related sensors, recent research has shown that leakage of location-related information is possible through indirect, side-channel attacks. In this paper, we show that the travel path of a vehicle can be inferred without acknowledging the user using a zero-permission smart watch application. The sensor we used in our experiment is the accelerometer sensor on Apple Watch. We find that a targeted user can be traced with 83% accuracy. We suggest that our approach may be used to successfully attack other smart phone devices because it was successful on Apple Watch, which is considered as the most constrained device in the market. This result shows that the zero-permission application on a smart watch, if manipulated adequately, can transform into a high-threat malware.
AB - Location-related data is one of the most sensitive data for user privacy. Theft of location-related information on mobile device poses serious threats to users. Even though the extant confirmation of permissions feature on modern smart devices can prevent direct leakage of information from location-related sensors, recent research has shown that leakage of location-related information is possible through indirect, side-channel attacks. In this paper, we show that the travel path of a vehicle can be inferred without acknowledging the user using a zero-permission smart watch application. The sensor we used in our experiment is the accelerometer sensor on Apple Watch. We find that a targeted user can be traced with 83% accuracy. We suggest that our approach may be used to successfully attack other smart phone devices because it was successful on Apple Watch, which is considered as the most constrained device in the market. This result shows that the zero-permission application on a smart watch, if manipulated adequately, can transform into a high-threat malware.
UR - http://www.scopus.com/inward/record.url?scp=85049477703&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-93563-8_8
DO - 10.1007/978-3-319-93563-8_8
M3 - Conference contribution
AN - SCOPUS:85049477703
SN - 9783319935621
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 87
EP - 100
BT - Information Security Applications - 18th International Conference, WISA 2017, Revised Selected Papers
A2 - Kang, Brent ByungHoon
A2 - Kim, Taesoo
PB - Springer Verlag
Y2 - 24 August 2017 through 26 August 2017
ER -