Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
A team of researchers from the Indian Institute of Technology in Delhi has revealed a new technology called AndroCon that allows the use of partially processed GPS data to track the surroundings of an Android device.
The new attack uses GPS signal metadata to covertly gather detailed environmental information with frightening accuracy, and affects up to 90% of Android users worldwide.
The study is based on the analysis of GPS data from an area of 40,000 square kilometers. different environments using differentiated Android devices equipped with different GPS chipsets.
AndroCon implements machine learning (ML) algorithms to convert partially processed GPS signals into a powerful tool for environmental sensing, human activity recognition, and indoor mapping.
Traditionally, GPS-based sensing has been limited to basic location and signal strength data.
However, with the release of Android 7, apps allow access to more GPS data as part of 39 functions such as signal strength, Doppler shifts, and SNR.
By analyzing the data available to apps, AndroCon can determine whether the user is indoors or outdoors, moving or standing, in a crowded place, or even in close proximity to certain landmarks such as stairs or elevators.
The method provides an astounding accuracy of 99.6% in determining the context of the environment and an accuracy of 87% in classifying human activity.
Even more serious is AndroCon's ability to create floor plans with an accuracy of just 4 meters, allowing attackers to reconstruct detailed floor plans of buildings without having to access other sensors and cameras.
In addition, AndroCon is able to provide attackers with the ability to track users' movements inside buildings, identify their encounters, or even target specific individuals in crowded areas.
The researchers emphasize that the vulnerability works even when the device is in airplane mode and when all communication channels are turned off while applications retain access to GPS data.
The results of the study were presented to Android developers, who acknowledged the problems and are now working to fix them.
However, the researchers warn that until Android implements stronger security measures, users should remain vigilant about the permissions that are granted to apps.
Source
The new attack uses GPS signal metadata to covertly gather detailed environmental information with frightening accuracy, and affects up to 90% of Android users worldwide.
The study is based on the analysis of GPS data from an area of 40,000 square kilometers. different environments using differentiated Android devices equipped with different GPS chipsets.
AndroCon implements machine learning (ML) algorithms to convert partially processed GPS signals into a powerful tool for environmental sensing, human activity recognition, and indoor mapping.
Traditionally, GPS-based sensing has been limited to basic location and signal strength data.
However, with the release of Android 7, apps allow access to more GPS data as part of 39 functions such as signal strength, Doppler shifts, and SNR.
By analyzing the data available to apps, AndroCon can determine whether the user is indoors or outdoors, moving or standing, in a crowded place, or even in close proximity to certain landmarks such as stairs or elevators.
The method provides an astounding accuracy of 99.6% in determining the context of the environment and an accuracy of 87% in classifying human activity.
Even more serious is AndroCon's ability to create floor plans with an accuracy of just 4 meters, allowing attackers to reconstruct detailed floor plans of buildings without having to access other sensors and cameras.
In addition, AndroCon is able to provide attackers with the ability to track users' movements inside buildings, identify their encounters, or even target specific individuals in crowded areas.
The researchers emphasize that the vulnerability works even when the device is in airplane mode and when all communication channels are turned off while applications retain access to GPS data.
The results of the study were presented to Android developers, who acknowledged the problems and are now working to fix them.
However, the researchers warn that until Android implements stronger security measures, users should remain vigilant about the permissions that are granted to apps.
Source
