MarcoPolo: A Zero-Permission Attack for Location Type Inference from the Magnetic Field using Mobile Devices

TL;DR

This paper demonstrates a zero-permission attack that infers location types using magnetic field data from mobile device magnetometers, achieving around 40% accuracy without needing user permissions.

Contribution

It introduces a novel method for location-type inference exploiting magnetometer data, bypassing permission restrictions and using multiple classification techniques evaluated in real-world settings.

Findings

Achieved approximately 40% accuracy in location-type classification.

Demonstrated effectiveness across different devices and locations.

Validated the attack's feasibility in real-world scenarios.

Abstract

Location information extracted from mobile devices has been largely exploited to reveal our routines, significant places, and interests just to name a few. Given the sensitivity of the information it reveals, location access is protected by mobile operating systems and users have control over which applications can access it. We argue that applications can still infer the coarse-grain location information by using alternative sensors that are available in off-the-shelf mobile devices that do not require any permissions from the users. In this paper we present a zero-permission attack based on the use of the in-built magnetometer, considering a variety of methods for identifying location-types from their magnetic signature. We implement the proposed approach by using four different techniques for time-series classification. In order to evaluate the approach, we conduct an in-the-wild study to collect a dataset of nearly 70 hours of magnetometer readings with six different phones at 66 locations, each accompanied by a label that classifies it as belonging to one of six selected categories. Finally, using this dataset, we quantify the performance of all models based on two evaluation criteria: (i) leave-a-place-out (using the test data collected from an unknown place), and (ii) leave-a-device-out (using the test data collected from an unknown device) showing that we are able to achieve 40.5% and 39.5% accuracy in classifying the location-type for each evaluation criteria respectively against a random baseline of approximately 16.7% for both of them.