
posted by Fnord666 on Friday February 09 2018, @08:12PM
from the you-can-run-but-you-can't-hide dept.

Submitted via IRC for TheMightyBuzzard

As it turns out, turning off location services (e.g., GPS) on your smartphone doesn't mean an attacker can't use the device to pinpoint your location.

A group of Princeton University researchers has devised a novel user-location mechanism that exploits non-sensory and sensory data stored on the smartphone (the environment's air pressure, the device's heading, timezone, network status, IP address, etc.) and publicly-available information to estimate the user's location.

The non-sensory and sensory data needed is stored on users' smartphones and can be easily accessed by any app without the user's approval, which means that the data can be captured through a malicious app or harvested from databases of many legitimate fitness monitoring apps.

Source: https://www.helpnetsecurity.com/2018/02/07/location-tracking-no-gps/



  • (Score: 1, Insightful) by Anonymous Coward on Friday February 09 2018, @08:21PM (7 children)

    by Anonymous Coward on Friday February 09 2018, @08:21PM (#635691)

    These kinds of stories are ludicrous. IF your phone gets hacked and IF a specific type of app is installed on it and IF it gets access to specific information, someone can find out where you've BEEN, not necessarily where you are (which would depend on even more variables).
    Lame.

    • (Score: 3, Insightful) by DannyB on Friday February 09 2018, @08:54PM (4 children)

      by DannyB (5839) Subscriber Badge on Friday February 09 2018, @08:54PM (#635711) Journal

      No need for hacking. The app, like a social media app, might be one you chose to install with your free will.

      Where you've been is probably related to where you are now.

      As others point out here, being able to see certain WiFi APs or cell towers is probably a very good indication of approximately where you are right now. Maybe not pinpoint accuracy.

      --
      The lower I set my standards the more accomplishments I have.
      • (Score: 0) by Anonymous Coward on Friday February 09 2018, @09:16PM (3 children)

        by Anonymous Coward on Friday February 09 2018, @09:16PM (#635723)

        That's what location services in Android does. According to Google [google.com]:

        Google's Location services use sources like Wi-Fi and mobile networks to give location information faster and more accurately.

        You can turn Google's Location services on or off at any time.

        When the article talks about turning location services off (first sentence) that's what it means.

        • (Score: 5, Informative) by frojack on Friday February 09 2018, @09:33PM (1 child)

          by frojack (1554) on Friday February 09 2018, @09:33PM (#635728) Journal

          Even with location services turned off, (and wifi turned off) Google has fessed up to still gathering coarse location data from the cellular towers that the phone can "see". Supposedly this was removed late last year, but since they never announced they were doing it in the first place who could possibly know that for sure.

          https://www.theverge.com/2017/11/21/16684818/google-location-tracking-cell-tower-data-android-os-firebase-privacy [theverge.com]

          The problem I have with this is not so much with Google knowing where I am, but every scrap of data they collect is warrant bait.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 2) by Hyperturtle on Saturday February 10 2018, @05:38PM

            by Hyperturtle (2824) on Saturday February 10 2018, @05:38PM (#636067)

            That's how the original google maps application worked on phones without GPS. They were the preferred solution for situations like that, at least back when they still said they'd try not to be evil.

            Way back when, the blackberry with wifi was the same price as the one with GPS. However, the GPS model came with "10 free GPS lookups per month" and cost extra per utilization, and did not come with wifi. There was no model that had both. Android was not out yet.

            That wifi model still worked just fine with google maps and even the integrated blackberry maps; it used the cell phone towers to triangulate your position. The denser the urban environment (and cell phone towers), the better the coverage (perhaps contrary to GPS wisdom). Anyone that needed to map their route with any frequency did not buy the GPS version; it was way too expensive and was priced crazy after those 10 uses; like $1.50 per instance. Imagine if they tried to do that today! The signals are still the same ones from space; it was just a restrictive licensed feature controlled by the Telco.

            Anyway, that tracking ability... I wouldn't call it coarse; it was the way to do it before GPS integration was ubiquitous. It was very good for what it was and could quite accurately place you and your movements based on the nearby cell towers and your signal.

            Back then, GPS was crummy because it was imprecise for consumers and expensive besides; the cell tower method was free and not as arbitrarily fuzzy as what consumer GPS was required by law to be. Using GPS at the time, your place on the road could drift by 10 feet and end up showing you were in on-coming traffic. That was with high end consumer gear. GPS became more precise later on after the US government lifted the requirement to make the precise location more fuzzy; they had been afraid of terrorists making guided missiles with the GPS and whathaveyou, but industry pressure (and a few 'think of the children mobile 911 location tracking!') helped integrate GPS into all phones and make it almost as useful as military gear. The change was instant when they allowed the precision; nothing on the consumer side had to be updated. Everything just got signals that weren't messed up and could display correctly with no upgrade or update or costs.

            During that same time period, I did have a separate GPS for my car; one of those portable 'trackmate' devices that plugged into a computer serial port, such as on a laptop. I actually did just that, and had installed the metro area maps for the surrounding states and it worked even when off-line, much to the amazement of people that couldn't understand how a map program could be actually installed on something you own, and taken with you. Just plug the laptop into the cigarette lighter and it was good for the entire trip. I brought the whole darn CD with me and did a cross country road trip with the GPS and blew the minds of my passengers that there were no data charges or anything like that. Later, when android became more common, people could not believe that you could have maps locally and not use Google. (Google did a good job keeping people in-network even back then...)

            Of course, those maps and the CD I used are old now; some of the advice it gives will not include new routes to the same destination. But it all still works and comes at no extra cost since it was from an era where you paid up-front with your money, and not forever with your data.

        • (Score: 2) by DannyB on Saturday February 10 2018, @03:25PM

          by DannyB (5839) Subscriber Badge on Saturday February 10 2018, @03:25PM (#636018) Journal

          With location services turned off, an app might independently implement techniques which can identify your location.

          --
          The lower I set my standards the more accomplishments I have.
    • (Score: 0) by Anonymous Coward on Friday February 09 2018, @11:13PM

      by Anonymous Coward on Friday February 09 2018, @11:13PM (#635765)

      Also if they dig through the patent stack they can find an even easier way. Which cell towers they are talking to. We used to use this all the time at Qualcomm and Omnitracs. It was good to about 20-30 feet.

    • (Score: 1, Insightful) by Anonymous Coward on Saturday February 10 2018, @12:52AM

      by Anonymous Coward on Saturday February 10 2018, @12:52AM (#635811)

      Not at all ridiculous. It's good science. Have a read.

      Basically, any app can track you, regardless of permissions. Some of the techniques they developed can help improve geolocation functionality in general.

  • (Score: 4, Insightful) by Anonymous Coward on Friday February 09 2018, @08:29PM (11 children)

    by Anonymous Coward on Friday February 09 2018, @08:29PM (#635695)

    Knowing which WiFi APs are available nearby is usually enough to get your location to about 50m accuracy.

    Try it for yourself - use a computer without GPS but with WiFi enabled and let your browser report your location to this page: https://edsu.github.io/creepy-polaroid/ [github.io]

    The machine does not have to be associated with any AP, it just needs to be able to see some WiFi APs. If a WiFi AP is visible it usually means you're within 50-100m of that AP.

    Google has built up a DB of WiFi AP and GSM tower locations partly with their streetview vehicles and it's probably updated regularly by zillions of android devices with GPS + WiFi + GSM towers. The default "high accuracy" setting likely reports WiFi info to Google.

    • (Score: 3, Interesting) by requerdanos on Friday February 09 2018, @08:32PM (6 children)

      by requerdanos (5997) Subscriber Badge on Friday February 09 2018, @08:32PM (#635697) Journal

      Knowing which WiFi APs are available nearby is usually enough to get your location

      This is true, handy, cool, and creepy, but it's a relatively recent development.

      It used to be that we were all near the access point "linksys" no matter where we were. Ah, the good old days of locational obscurity.

      • (Score: 0) by Anonymous Coward on Friday February 09 2018, @08:44PM (1 child)

        by Anonymous Coward on Friday February 09 2018, @08:44PM (#635704)

        Times sure have changed now we are all near the access point "xfinitywifi" no matter where we are. Ah the good new days of today when ubiquitous xfinitywifi actually works, instead of the bad old days of unconfigured "linksys" that might not even have been plugged into the internet.

        • (Score: 2) by DannyB on Friday February 09 2018, @08:58PM

          by DannyB (5839) Subscriber Badge on Friday February 09 2018, @08:58PM (#635714) Journal

          Probably numerically fewer people are near the access point "we can hear you having sex".

          --
          The lower I set my standards the more accomplishments I have.
      • (Score: 4, Interesting) by frojack on Friday February 09 2018, @08:48PM (1 child)

        by frojack (1554) on Friday February 09 2018, @08:48PM (#635706) Journal

        Recent? No.

        It's been available for as long as cell phones had wifi. Skyhook [skyhookwireless.com] is an actual thing and has been around much longer than smart phones.

        And the resolution is far far more granular than 50 meters, because signal strength from a dozen APs can be compared on the phone or exfiltrated and you can usually arrive at a two meter circle. The phone itself knows what room you are in, especially if your phone can see more than one AP. And if the phone can see, so can Apple and Google, and any rogue app.

        This story rides on the back of the fitness app revealing concentrations of soldiers revelation of a few days ago. Stop sending this stuff to the cloud people!

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 3, Insightful) by EETech1 on Saturday February 10 2018, @05:36AM

          by EETech1 (957) on Saturday February 10 2018, @05:36AM (#635886)

          That's one of the great hypocrisies of locate my phone, if you leave location off, you can't locate your missing phone, even though they know exactly where it is!

          Just like telling Google don't track my location and search history, all it does is make maps less convenient to use... If I open maps, look something up STAR it, and then close the maps app, only to open it again 30 minutes later to find the same location, it intentionally avoids giving me the same location again, only because I told them to not track my location and search history.

          I always keep track of how many characters I have to type before Google knows what I want, and I know for a fact that it takes more the second time I search for something. Because of a setting that says please don't monitor this about me...

          But they still do!

          I'm being punished for taking advantage of a false sense of privacy!

      • (Score: 1, Insightful) by Anonymous Coward on Friday February 09 2018, @08:53PM

        by Anonymous Coward on Friday February 09 2018, @08:53PM (#635708)

        Those APs might all be called linksys but most of them had different MAC addresses.

        Speaking of recent developments nowadays many GSM/etc cells are smaller. So the telcos and "friends" have more and more accurate info on where your phones are. It's not like most people turn off their phones for hours or carry them permanently in airplane mode.

        So this fancy barometer stuff isn't necessary for 99% of the scenarios. Only in a few scenarios does your malicious app get installed on a phone that never has any cellular or WiFi access and it also doesn't matter that the app can't communicate via cellular network or WiFi.

      • (Score: 0) by Anonymous Coward on Friday February 09 2018, @09:26PM

        by Anonymous Coward on Friday February 09 2018, @09:26PM (#635725)

        Would not the database be keyed by the AP's hardware MAC address?

        "A MAC Address is a unique identifier used to mark a specific piece of hardware. With wireless access points (APs), this is always transmitted as the base station identifier (BSSID), alongside the name of the access point (ESSID). Using your computer's network settings manager you can view an AP's BSSID and in turn discover its MAC address."

        Source: https://yourbusiness.azcentral.com/mac-address-access-point-19756.html [azcentral.com]

    • (Score: 0) by Anonymous Coward on Friday February 09 2018, @08:34PM (2 children)

      by Anonymous Coward on Friday February 09 2018, @08:34PM (#635699)

      I have hundreds of WiFi APs and I change the SSIDs and MAC addresses constantly to fuck with Google. Eat my junk data, scum suckers.

      • (Score: 2) by frojack on Friday February 09 2018, @08:59PM (1 child)

        by frojack (1554) on Friday February 09 2018, @08:59PM (#635715) Journal

        Yeah, guess what, fool:

        Your upstream never changes, and all it takes is ONE MAC address disappearing and another reappearing to figure this out. You have no control of the MAC immediately upstream of yours, and no control of the fingerprinting already performed on the computers behind your APs, nor do you have control of every app on every device reporting its MAC to the mother ship.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 1, Touché) by Anonymous Coward on Friday February 09 2018, @09:15PM

          by Anonymous Coward on Friday February 09 2018, @09:15PM (#635722)

          Yeah, guess what, fool:

          Your upstream never changes, and all it takes is ONE MAC address disappearing and another reappearing to figure this out. You have no control of the MAC immediately upstream of yours, and no control of the fingerprinting already performed on the computers behind your APs, nor do you have control of every app on every device reporting its MAC to the mother ship.

          Are you sure you know how the data link layer works?

    • (Score: 0) by Anonymous Coward on Friday February 09 2018, @08:44PM

      by Anonymous Coward on Friday February 09 2018, @08:44PM (#635703)

      Oh and most people don't carry around phones that have their cellphone function disabled most of the time. So the telco can know where the phone is. Sometimes very accurately if it's associated to a pico-cell or femto cell.

      Some elevators don't drop calls ( https://www.fcc.gov/help/public-safety-tech-topic-23-femtocells [fcc.gov] ). So if you and your phone are in one of those elevators in theory someone could know you're in that elevator and thus know pretty accurately where you are.

      I use Tasker and the GSM tower info is good enough for my phone to know whether it's home or at my workplace or other places without needing WiFi or GPS enabled. Tasker's accuracy is lower for cell-tower stuff since it doesn't use signal strength info. But the telco or similar might be able to.

  • (Score: 5, Funny) by requerdanos on Friday February 09 2018, @08:31PM (9 children)

    by requerdanos (5997) Subscriber Badge on Friday February 09 2018, @08:31PM (#635696) Journal

    non-sensory and sensory data

    Data of one type, and data not of that type. Um, okay, what does that leave out? That means "all data without restriction" in the same way that "up to 15 or more*" is the set of all real numbers.

    It's word-salad hand-waving, probably done in the interest of getting the account shorter so that it will fit into my attention span. Fair enough.

    ------------------------
    * No, despite the clear and persistent anthropomorphic amphibian advertising, no insurance company is going to save you the set of all real numbers.

    • (Score: 2) by JoeMerchant on Friday February 09 2018, @08:43PM (6 children)

      by JoeMerchant (3937) on Friday February 09 2018, @08:43PM (#635702)

      I agree with AC above, all that's needed is the ID of a few nearby WiFi access points - that already translates into a practical location map.

      --
      🌻🌻 [google.com]
      • (Score: 0) by Anonymous Coward on Friday February 09 2018, @09:01PM

        by Anonymous Coward on Friday February 09 2018, @09:01PM (#635716)

        Don't forget cellphone towers and femtocells too. Some people still carry around their phones to use as phones ;).

      • (Score: 2) by frojack on Friday February 09 2018, @09:24PM (4 children)

        by frojack (1554) on Friday February 09 2018, @09:24PM (#635724) Journal

        But, that stuff is usually NOT sent, unless you sneak a rogue app onto the device.

        So we are right back where the first AC post on this thread started. Without app support this is pretty much impossible in real time.

        Do I have apps on my phone that might send location info to someplace in the cloud? Probably. So what? I know where the power switch is.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 3, Insightful) by JoeMerchant on Friday February 09 2018, @09:51PM (2 children)

          by JoeMerchant (3937) on Friday February 09 2018, @09:51PM (#635736)

          I think the point is: just disabling location info access to an app doesn't really disable location info.

          So, your kid downloads Kandy Krush unKorked and now you're being tracked by the Romanian mafia every time the app is running...

          --
          🌻🌻 [google.com]
          • (Score: 2) by PiMuNu on Saturday February 10 2018, @04:16AM

            by PiMuNu (3823) on Saturday February 10 2018, @04:16AM (#635862)

            So, your kid downloads Skype and now you're being tracked by the NSA every time the app is running...

            FTFY

          • (Score: 0) by Anonymous Coward on Saturday February 10 2018, @01:23PM

            by Anonymous Coward on Saturday February 10 2018, @01:23PM (#635995)

            Or - hacker hacks public Wi-Fi/payment system/whatever and uses that to get into your phone that's running an outdated Android and install an app that has the appropriate permissions. Now, whenever you go to a CVS, Starbucks, etc., your phone is used to attack their systems, collect info, and whatever other nefarious things. They can also map the botnet spread and decide on additional targets.

        • (Score: 2) by bob_super on Friday February 09 2018, @09:51PM

          by bob_super (1357) on Friday February 09 2018, @09:51PM (#635737)

          I'm pretty sure Google used to say it might collect localization data even when localization services are off.
          Of course, turning off both WiFi and GPS makes the location a lot less precise, but after a while learning your habits, it's not a stretch to imagine that Google gets pretty good at guessing.

    • (Score: 0) by Anonymous Coward on Friday February 09 2018, @10:15PM (1 child)

      by Anonymous Coward on Friday February 09 2018, @10:15PM (#635746)

      You are looking at this like a mathematician, not a linguist/human.

      Speaking for myself, the writer is trying to make clear that it is not only sensory data which is used, which is the implicit assumption for tracking location information. Let's compare alternatives.

      1) A group of Princeton University researchers has devised a novel user-location mechanism to estimate the user's location.

      -Oh, so they can now figure out another way to use GPS? I guess I'm safe because I have it turned off.

      2) A group of Princeton University researchers has devised a novel user-location mechanism that exploits non-sensory and publicly-available information to estimate the user's location.

      -Oh, so they can now use non-sensory information. I need to be careful, but I can keep my humidity monitor on.

      3) A group of Princeton University researchers has devised a novel user-location mechanism that exploits sensory data stored on the smartphone and publicly-available information to estimate the user's location.

      -Oh, so they are figuring out clever stuff like using humidity. I'll just turn off all my phone sensors and use it as a mobile computer to connect to wifi only.

      4) A group of Princeton University researchers has devised a novel user-location mechanism that exploits non-sensory and sensory data stored on the smartphone (the environment's air pressure, the device's heading, timezone, network status, IP address, etc.) and publicly-available information to estimate the user's location.

      -Oh, so they are using all types of data on a phone. How irksome.

      • (Score: 2) by requerdanos on Saturday February 10 2018, @12:10AM

        by requerdanos (5997) Subscriber Badge on Saturday February 10 2018, @12:10AM (#635789) Journal

        -Oh, so they are using all types of data on a phone. How irksome.

        Yeah, I heard they use up to fifteen percent or more of that data. Irksome indeed!

  • (Score: 1, Touché) by Anonymous Coward on Saturday February 10 2018, @06:25AM

    by Anonymous Coward on Saturday February 10 2018, @06:25AM (#635891)

    And make them pay for it!
