Security Affairs
U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Meet PinME, A Brand New Attack To Track Smartphones With GPS Turned Off.

Researchers from Princeton University have developed an app called PinME to locate and track smartphone without using GPS. The research team led by Prateek Mittal, assistant professor in Princeton’s Department of Electrical Engineering and PinMe paper co-author developed the PinMe application that mines information stored on smartphones that don’t require permissions for access. The data […]

pinme

Researchers from Princeton University have developed an app called PinME to locate and track smartphone without using GPS.

The research team led by Prateek Mittal, assistant professor in Princeton’s Department of Electrical Engineering and PinMe paper co-author developed the PinMe application that mines information stored on smartphones that don’t require permissions for access.

The data is processed alongside with public available maps and weather reports resulting on information if a person is traveling by foot, car, train or airplane and their travel route. The applications for intelligence and law enforcement agencies to solve crimes like kidnapping, missing people and terrorism are very significant.

As the researchers notice, the application utilizes a series of algorithms to locate and track someone using information like the phone IP address and time zone combined with data from its sensors. The phone sensors collect compass details from the gyroscope, air pressure reading from barometer and accelerometer data while remaining undetected from the user. The resulting data processed can be used to extract contextual information about users’ habits, regular activities, and even relationships.

This technology as many others have two sides: Help solving crimes at large, and implications on privacy and security of the users.  The researchers hope to be fomenting the development of security measures to switch off sensor data by revealing this sensor security flaw. Nowadays such sensor data is collected by fitness and game applications to track people movement.

Another key point where the application can be a game changer is an alternative navigation tool, as highlighted by the researchers. Gps signals used in autonomous cars and ships can be the target of hackers putting the safety of the passengers in danger. The researchers conducted their experiment using Galaxy S4 i9500, iPhone 6 and iPhone 6S. To determine the last Wi-Fi connection, the PinMe application read the latest IP address used and the network status.

pinme

To determine how a user is traveling, the application utilizes a machine learning algorithm that recognizes the different patterns of walking, driving and flying by gathering data from the phones sensor like speed, direction of travel, delay between movement and altitude.

Once determined the pattern of activity of a user, the application then executes one of four additional algorithms to determine the type transportation. By comparing the phone data against public information the route of the user is determined. Maps from Google and the U.S. Geological Survey were used to determine the altitude details of every point on Earth. Details regarding temperature, humidity, and air pressure reports were also used to determine the use of trains or planes.

The researchers wanted also to raise the question about privacy and data collected without the user consent as Prateek Mittal states: “PinMe demonstrates how information from seemingly innocuous sensors can be exploited using machine-learning techniques to infer sensitive details about our lives”.

Sources:

https://gizmodo.com/how-to-track-a-cellphone-without-gps-or-consent-1821125371

https://nakedsecurity.sophos.com/2017/12/19/gps-is-off-so-you-cant-be-tracked-right-wrong/

https://www.princeton.edu/news/2017/11/29/phones-vulnerable-location-tracking-even-when-gps-services

https://www.theregister.co.uk/2018/02/07/boffins_crack_location_tracking_even_if_youve_turned_off_the_gps/

https://www.helpnetsecurity.com/2018/02/07/location-tracking-no-gps/

https://www.bleepingcomputer.com/news/security/apps-can-track-users-even-when-gps-is-turned-off/

https://arxiv.org/pdf/1802.01468.pdf

http://ieeexplore.ieee.org/document/8038870/?reload=true

About the author Luis Nakamoto

Luis Nakamoto is a Computer Science student of Cryptology and an enthusiastic of information security having participated in groups like Comissão Especial de Direito Digital e Compliance (OAB/SP) and CCBS (Consciência Cibernética Brasil) as a researcher in new technologies related to ethical hacking, forensics and reverse engineering. Also, a prolific and compulsive writer participating as a Redactor to Portal Tic from Sebrae Nacional.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – PinME, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]