Wearable Devices: A Tool for the Malicious Reconnaissance of Private Spaces
Fyke, Zakery Alexander
MetadataShow full item record
The ownership of smart devices such as smartphones and smartwatches has drastically increased. These devices come equipped with a broad range of sensors which are considered to be benign by the operating system and, therefore, are not protected by standard permissions which guard other vulnerabilities such as the user’s location and camera access. In this work, we show that the gyroscope and accelerometer – two of the sensors considered to be benign – can be used to drive a privacy attack that stealthily maps out a user’s private space with high accuracy. In particular, we show that a mobile app with access to this data can leverage it to analyze a user’s step execution dynamics, turn operations, and general body movement activities and then methodically combine this information to map out paths and landmarks in protected spaces, such as houses. The landmarks, in this case, would include sitting areas, bathrooms, kitchens, etc., while paths are the walkways such as corridors or hallways within the space. The combination of this information provides a detailed representation of the private space. Using a dataset of 26 users who executed a number of activities around the Computer Science department and a combination of classification, regression, and distance matching techniques, we show this privacy attack to generate maps whose Normalized Hausdorff Distance from the ground-truth is as low as 0.1159. The attack has significant security implications for tightly guarded spaces, such as areas of military significance like the Pentagon and other military installations, since it provides functionality analogous to a poor man’s camera given its ability to provide visuals of the relative locations of key landmarks based on devices that may not typically be barred from these facilities. Even in domestic settings such as homes, the attack could still be a threat; a tool for stalking or reconnaissance by bad actors who only require that the relevant app be installed on their target’s device.