Malware Tracks a Smartphone Without Location Data

Uploaded on 2015-03-10 in TECHNOLOGY--Developments, FREE TO VIEW, TECHNOLOGY--Hackers

The way your smartphone uses power provides a simple way to track it, say computer scientists who have developed an app to prove it.

Nobody wants to think they are being tracked evenhough they carry the technology to do so in their own pockets. That's why the Android and iOS operating system prevent third party apps from accessing location data without the specific permission of the user. But it turns out that malware can track you anyway, without this data.

Malicious software can determine the position of a smartphone simply by measuring the way it uses the power. The technique is straightforward in theory. The idea is that a smartphone's power usage depends largely on the distance from the nearest base station. As a user moves, this distance changes, increasing or decreasing the power needed to communicate with a base station. So the power usage profile is strongly correlated with the movement of the phone, or in other words, with the route taken by its owner. Given several different potential routes, the power usage profile should reveal which the user has taken.

So what can be done to prevent this kind of spying? One option is to prevent apps gaining access to power usage data at all, although this is probably overkill. A better option is to give apps access to power usage data other than those involved in radio communication.

That should be straightforward to implement, if Android or iOS can be bothered.

Technology Review

 

« Kenya: Step Up Cyber War Against Al Shabaab
The Future of Government Surveillance - Looks Like This »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Gigamon

Gigamon

Gigamon provides intelligent Traffic Visability solutions that provide unmatched visbility into physical & birtual networks without affecting the performance or stability of production environments.

Ammune.ai

Ammune.ai

Ammune.ai (formerly L7 Defense) helps organizations to protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacks.

Harel Mallac Technologies

Harel Mallac Technologies

Harel Mallac Technologies is a Mauritian organisation that has developed a strong network of ICT specialists with nodes across the African continent.

Path Forward IT

Path Forward IT

Path Forward IT has been troubleshooting, architecting, migrating, protecting, and securing IT environments for businesses across the USA since 2002.

ClearHub

ClearHub

The aim of ClearHub is simple: to give businesses like yours access to the best talent, all screened and technically tested by Clearvision’s expert team.

IntelliDyne

IntelliDyne

IntelliDyne is a leading information technology consulting firm enabling better mission performance through innovative technology solutions.

Senteon

Senteon

Senteon is a turnkey cybersecurity platform designed to make securing confidential data affordable, understandable, and streamlined for small-to-mid sized businesses and MSPs.

Secrutiny

Secrutiny

Scrutiny's core services include Cyber Maturity, Cyber Risk Analyser, Cyber Controls, Incident Response, SOC, Cyber Recovery and Assurance Testing.

Persistent Systems

Persistent Systems

Persistent Systems are a trusted Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients.

InterSec Inc.

InterSec Inc.

InterSec Inc. is a cybersecurity company that offers a variety of services to small and medium-sized businesses including CMMC Compliance, Program Management, Governance, & Cybersecurity.

Kubus Hitam

Kubus Hitam

Kubus Hitam are a research-based company focused on cyber security. we strongly believe that innovation and safety are the two keywords for the future business market.

Fortreum

Fortreum

Fortreum aim to simplify cybersecurity in the marketplace to accelerate your business outcomes.

HashiCorp

HashiCorp

At HashiCorp, we believe infrastructure enables innovation, and we are helping organizations to operate that infrastructure in the cloud.

Knowit

Knowit

Knowit support customers in the digital transformation, simplify people’s everyday lives and create secure and innovative solutions enabling a sustainable future.

LetsData

LetsData

LetsData uses AI to provide governments, intergovernmental organizations, civil society, and businesses with data-empowered decisions on communication in the age of online disinformation.

DataGuard

DataGuard

DataGuard is a security and compliance software company trusted by organisations across the globe.