By Guevara Noubir, Northeastern University
U.S. military officials were recently caught off guard by revelations that servicemembers’ digital fitness trackers were storing the locations of their workouts – including at or near military bases and clandestine sites around the world. But this threat is not limited to Fitbits and similar devices. My group’s recent research has shown how mobile phones can also track their users through stores and cities and around the world – even when users turn off their phones’ location-tracking services.
Fitness trackers report their location and map the Burning Man festival in the Nevada desert. Screenshot of Strava Heat Map
The vulnerability comes from the wide range of sensors phones are equipped with – not just GPS and communications interfaces, but gyroscopes and accelerometers that can tell whether a phone is being held upright or on its side and can measure other movements too. Apps on the phone can use those sensors to perform tasks users aren’t expecting – like following a user’s movements turn by turn along city streets.
Most people expect that turning their phone’s location services off disables this sort of mobile surveillance. But the research I conduct with my colleagues Sashank Narain, Triet Vo-Huu, Ken Block and Amirali Sanatinia at Northeastern University, in a field called “side-channel attacks,” uncovers ways that apps can avoid or escape those restrictions. We have revealed how a phone can listen in on a user’s finger-typing to discover a secret password – and how simply carrying a phone in your pocket can tell data companies where you are and where you’re going.
Making assumptions about attacks
When designing protection for a device or a system, people make assumptions about what threats will occur. Cars, for instance, are designed to protect their occupants from crashes with other cars, buildings, guardrails, telephone poles and other objects commonly found in or near roads. They’re not designed to keep people safe in cars driven off a cliff or smashed by huge rocks dropped on them. It’s just not cost-effective to engineer defenses against those threats, because they’re assumed to be extremely uncommon.
Similarly, people designing software and hardware make assumptions about what hackers might do. But that doesn’t mean devices are safe. One of the first side-channel attacks was identified back in 1996 by cryptographer Paul Kocher, who showed he could break popular and supposedly secure cryptosystems by carefully timing how long it took a computer to decrypt an encrypted message. The cryptosystem designers hadn’t imagined that an attacker would take that approach, so their system was vulnerable to it.
There have been many other attacks through the years using all sorts of different approaches. The recent Meltdown and Spectre vulnerabilities that exploit design flaws in computer processors, are also side-channel attacks. They enable malicious applications to snoop on other applications’ data in the computer memory.
No comments:
Post a Comment