Dongyao Chen (Shanghai Jiao Tong University), Mert D. Pesé (Clemson University), Kang G. Shin (University of Michigan, Ann Arbor)

Driving apps, such as navigation, fuel-price, and road services, have been deployed and used widely. The car-related nature of these services may motivate them to infer the type of their users’ vehicles. We first apply systematic analytics on real-world apps to show that the vehicle-type — seemingly unharmful — information may have serious privacy implications. Next, we demonstrate that attackers can harvest the features of these mobile apps to infer the car-type information in a stealthy way. Specifically, we explore the use of zero-permission mobile motion sensors to extract spectral features for differentiating the engines and body types of vehicles. Based on our experimental results of 17 different cars, we have achieved 82+% and 85+% overall accuracy in identifying three major engine types and four popular body types, respectively.

View More Papers

The evolution of program analysis approaches in the era...

Alex Matrosov (CEO and Founder of Binarly Inc.)

Read More

Towards a Unified Cybersecurity Testing Lab for Satellite, Aerospace,...

Andrei Costin, Hannu Turtiainen, Syed Khandkher, Timo Hamalainen Presenter: Andrei Costin

Read More

VulHawk: Cross-architecture Vulnerability Detection with Entropy-based Binary Code Search

Zhenhao Luo (College of Computer, National University of Defense Technology), Pengfei Wang (College of Computer, National University of Defense Technology),...

Read More

Do Privacy Labels Answer Users' Privacy Questions?

Shikun Zhang, Norman Sadeh (Carnegie Mellon University)

Read More