Location-related data is one of the most sensitive data for user privacy. Theft of location-related information on mobile device poses serious threats to users. Even though the extant confirmation of permissions feature on modern smart devices can prevent direct leakage of information from location-related sensors, recent research has shown that leakage of location-related information is possible through indirect, side-channel attacks. In this paper, we show that the travel path of a vehicle can be inferred without acknowledging the user using a zero-permission smart watch application. The sensor we used in our experiment is the accelerometer sensor on Apple Watch. We find that a targeted user can be traced with 83% accuracy. We suggest that our approach may be used to successfully attack other smart phone devices because it was successful on Apple Watch, which is considered as the most constrained device in the market. This result shows that the zero-permission application on a smart watch, if manipulated adequately, can transform into a high-threat malware.
|Title of host publication||Information Security Applications - 18th International Conference, WISA 2017, Revised Selected Papers|
|Editors||Brent ByungHoon Kang, Taesoo Kim|
|Number of pages||14|
|Publication status||Published - 2018|
|Event||18th World International Conference on Information Security and Application, WISA 2017 - Jeju Island, Korea, Republic of|
Duration: 2017 Aug 24 → 2017 Aug 26
|Name||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Other||18th World International Conference on Information Security and Application, WISA 2017|
|Country/Territory||Korea, Republic of|
|Period||17/8/24 → 17/8/26|
Bibliographical noteFunding Information:
Acknowledgement. This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (R7117-17-0161, Anomaly detection framework for autonomous vehicles).
© 2018, Springer International Publishing AG, part of Springer Nature.
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science(all)