Privacy concerns on smartphones have been raised by the public as more and more personal data are now stored on them. In this paper, we show that location information can be compromised through mobile inertial sensors which are considered insensitive and accessible by any mobile application in both iOS and Android without special privilege. We present MISSILE, an automatic system that can infer users' indoor location using labeled sensor data as prior knowledge. The key idea is that when a user reaches a particular indoor location, it is very likely that he/she has passed through some unique interior structures of a building, such as winding corridors, fire stop doors or elevators. These structures exhibit repeatable motion and environment patterns in mobile sensors that can be recognized by supervised learning. In our MISSILE system, the location labels of training data are automatically attained by Bluetooth beacons deployed in sensitive locations. With effective feature extraction procedure robust modeling, MISSILE shows good success rate for inference attack. For example, in a university campus with 15 sensitive locations, MISSILE achieves up to 73% correct prediction score whereas a random guess can only achieve 1/(15 + 1) = 6.25%. Further improvements on system performance and countermeasures are also discussed.
|Pages (from-to)||3137 - 3151|
|Number of pages||15|
|Journal||IEEE Transactions on Information Forensics and Security|
|Publication status||Published - Sep 2019|