Unmasking Using Accelerometer Signatures

You are commuting to work by bus. While sitting on the bus, you open your favorite social app. Even though it is your favorite app, you don’t trust it enough to share your location with it. At the next stop, a passenger gets on the bus. The passenger sits on the bus and opens the same social app. But the passenger shares their precise location with the app. Now, if this social app is reading accelerometer data on your phone as well as the passenger’s phone, the app can easily figure out that both phones experience the same vibration pattern. Indeed, both phones are going to record the same vibrations, e.g. when the bus takes off, stops, and swerves left or right. The app now knows that you and the passenger are together in the same environment, hence same location. Don’t be surprised if you receive a recommendation from the app to add this passenger as a friend.

https://www.mysk.blog/2021/10/24/accelerometer-ios/

A coordinated attack could take this even further. Each bus could be equipped with a phone running an app that (1) is recording the accelerometer data and (2) is recording the bus line and location. This data could be combined with an accelerometer signature recorded in a widely used app like Instagram.

In the case of a popular cause like the Boston Marathon bombing, it’s easy to imagine public support.

Further reading: https://dl.acm.org/doi/abs/10.1145/3309074.3309076

4 thoughts on “Unmasking Using Accelerometer Signatures

  1. Ironic bc until recently accuracy of mobile accelerometer IP like MEMS were crap. Sensor fusion helps, but noisy reading are pervasive.

    1. That’s a fascinating point. The quality of readings had to exceed a threshold, and then two both use cases and risks blew up.

  2. Without initial GPS point, accelerometer readings want indexing for analysis, to compare your journey subsets with everybody for concurrence. Is big-o lot of work. Timestamps cut it down. If streamed to cloud with timestamp, then easier to find confidence. Noise still problem.

    1. Yes, big-O scale matching without a timestamp.

      Do you know of current production apps or research using accelerometer reading matching, Igor?

Leave a Reply

Your email address will not be published.