While riding on a subway with no cell connection and no GPS, you can still be tracked by a hacker using malware to just capture your smartphone's motion data, Chinese researchers say.
A team of researchers from Nanjing University found they could trace a subway rider's movements with up to 92 percent accuracy, using just accelerometers and other motion sensors common in most smartphones.
A hacker could create malware that learns the "fingerprint" of any underground metro system, then steals accelerometer readings from a victim's smartphone to track him with accuracy, the researchers say in their published study, "We Can Track You If You Take the Metro: Tracking Metro Riders Using Accelerometers on Smartphones."
The malware wouldn't need any input from GPS, which is often disabled or unavailable underground, to trace someone's movements and accurately infer where they've gotten on and off the train, based on a subway system's "fingerprint," they say.
"Metro trains run on tracks, making their motion patterns distinguishable from cars or buses running on ordinary roads," they explain.
A train journeying between two neighboring stations produces a distinctive fingerprint in the readings of a 3-axis accelerometer commonly built into a mobile device, and from that a hacker could infer the riding trace of a passenger, the researchers wrote.
"Moreover, due to the fact that there are no two pairs of neighboring stations whose connecting tracks are exactly the same in the real world, the motion patterns of the train within different intervals are distinguishable as well," they said.
To test their hypothesis, the researchers sent volunteers with compromised smartphones into the Nanjing subway system, and were able to track their underground voyages with accuracy between 70 percent and 92 percent.
That raises some disturbing possibilities, they say; if a hacker was able to trace a person's movements over a period of time they could learn that person's daily schedule, and perhaps identify their working and living locations.
That could conceivably put that person at risk for their personal safety, they say.
Such tracking is possible because the data from a phone's motion sensors isn't as secure as cellular or GPS connections, which phone manufacturers have taken great pains to lock down.
A user isn't informed, and therefore doesn't know, when an app - legitimate or otherwise - reads information from an accelerometer or similar sensor.
Another recent study has found that a phone's Wi-Fi connections are another way to track the location of a phone - and therefore the location and movements of its owner.
