You probably know that your smartphone could well be used against you. Having cracked the gadget, you can access its cameras or microphones. Hence, everything that you shoot and say, can be transferred to third parties. The possibilities of modern smartphone espionage are not limited to this. In theory, there are a number of other less obvious ways to get information about where you are and what you are doing right now.
1. Keylogger based on gyro data
All modern smartphones are equipped with a gyroscope. This sensor is needed to determine the exact direction of the gadget’s tilt, which can be used to automatically activate some functions or control a car in a racing game.
With each year, these sensors are becoming more accurate. Theoretically, their sensitivity to the slightest fluctuations can be used by intruders against you. This has been provenSingle-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning. researchers at Northeastern University of Boston. With the help of a gyro and a microphone, they managed to create a fairly accurate keylogger.
When you use the on-screen keyboard, your smartphone tilts slightly at each touch. Recognizing the slightest bias with a gyroscope, the keylogger can guess the sample text that you type. The possible variations are corrected taking into account the intensity of the sound produced when the display glass is touched. The microphones of the smartphone already help with this. Using a combination of these sensors and a set of algorithms, researchers from the first time managed to guess the pressed keys with an accuracy of 90-94%.
2. Determination of the location without GPS
Even with the GPS off, you can determine the location of the device by using the cell towers and Wi-Fi points with geolocation information bound to them. However, you can get information about the user’s location even without access to such data.
The same group of researchers from Northeastern University triedSingle-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning. this is demonstrated using smartphone sensors, which applications can use without special permissions. The result of their work was a program involving a gyroscope, an accelerometer and a magnetometer.
Taking as a basis the map of the area in which the person was, the application made it possible to track all movements on the car. The accelerometer was used to determine movement and stops. The magnetometer fixed the direction of motion. The gyroscope measured the angles of rotation, allowing you to accurately track when and to what direction the machine was turning.
A special algorithm combined the data from all these sensors and formed an approximate displacement scheme for them. It was compared with the real routes in the area where the surveillance was conducted. According to such data it is possible to determine exactly where and when the user went, how much time he spent on it.
3. Tracking through advertising banners
There is another way to determine the location of a person without direct access to the GPS data of his smartphone. This method was described by researchers at the University of Washington, who used banner advertising for mobile. The minimum deposit for placing such an ad through Google AdWords and Facebook was $ 1,000.
Buying such a banner, you can specify in which application and for which unique device identifiers you want to display. Also, the researchers indicated a three-mile square geo-zone, when it was in the selected applications displayed ads.
Each time the target phone used the specified application, information about the device, time and location was sent to the banner holders. With this information, the research team was able to track the user’s location within 25 feet (~ 7.6 meters). True, this is possible, as long as the application remains open for four minutes or it was launched twice in the same place.
Of course, this method of surveillance requires the constant use of a certain application. Part of this obstacle can be circumvented if you place banners in the most popular programs. It is also necessary to know in advance the specific advertising identifier of the device of a particular person. However, even without it, this method can well be used to monitor the population of the selected location.
4. Viewing visited links through the light sensor
The ambient light sensor allows you to adjust the brightness of your smartphone’s display. You will be surprised, but even this seemingly innocuous sensor can be used against you.
Lukasz Olejnik (Lukasz Olejnik) clearly illustrated thisStealing sensitive browser data with the W3C Ambient Light Sensor API. , creating an application that, based on data from the light sensor, determines the color of the links visited by the user. Simply put, the light emitted by your screen can be accurately recognized by this sensor. This allows you to determine which web pages you have migrated to.
Web sites can display different colors for links. For example, the text can be light blue if you have not visited it before, but it will turn purple after the first click. The site itself, of course, can not recognize what color a link for a particular user is displayed, because the browser captures the transitions. However, if the representatives of the web resource get access to the data of the light sensor of your smartphone, they can determine, by the light coming from the screen, whether you passed previously on the displayed link or not.
Especially it is noticeable on contrasting pages with a dark background of the text and light allocation of hyperlinks. It is worthwhile for you to stumble upon them, as the sensor detects an increase in the level of light from the screen. In theory, this way, without your knowledge, you can create lists of all the pages you visit.
5. Identification of users and properties nearby
The vast majority of smartphones have a proximity sensor. It is used to turn off the touch screen when you are calling. Otherwise, during a conversation, you would continue to press the buttons on the display.
This sensor not only detects that objects are close to the screen, but also can measure the distance to them. Each of us keeps the smartphone at a different distance depending on the growth, the length of the hands, the vision and other factors. Based on all this information, the application can quite differentiate users and their behavioral features.
The accuracy of such a method may be low, but in combination with the same target mobile banners, advertisers can identify their target audience. In addition, using the proximity sensor, you can determine the distance to nearby objects surrounding the user. And this can be additional guidance when you are not using GPS.
Each of these methods is still described as a theoretical one. So far none of them has received wide circulation. However, it is possible that this is only a matter of time.