Real-time location tracking on the cheap: $1,000 is all it takes
What would you buy for $1,000? The new iPhone? A 60-inch LED TV? 3 years’ worth of subscriptions to Netflix, Amazon Video, and Hulu? Or access to someone’s whereabouts as they move from their home to office and other places?
A surprisingly modest budget of $1,000 is all it takes to exploit an individual’s online advertising network to track their location and learn what kind of apps they are using, according to a research at the University of Washington.
Are you kidding me? How can someone do that?
The creep would first need to obtain their target’s mobile advertising ID (MAID) which play a role similar to the cookies on a website and help marketer’s dish out targeted ads to a user. Now, obtaining this MAID is not too hard a task, the researchers have explained. Anyone in the Wi-Fi range of the target when they are on an unsecured network or anyone with access to the Wi-Fi router the target uses – even temporarily – can quickly sniff out the MAID. In fact, if the target has clicked on any of the attacker’s ads in the past, extracting the MAID becomes a cakewalk.
After that, it is just a matter of purchasing ads targeted to specific apps and locations – easily achievable in a reasonably cheap budget of $1,000. These ads will show up only if a user opens a particular app at a particular location. Within mere 10 minutes of the target’s arrival at a location, the attacker would learn about it through the ad network – this, without the target ever clicking on or engaging with the ad in any manner.
The map above shows the morning commute of a research subject. The red dots represent the places where the researchers were able to track that person’s movement. These include the target’s home, a coffee shop, bus stop and workplace. A targeted ad would show up if the individual stayed in one location for about four minutes. Hence the absence of red dots along the bus route and the walking track.
Anybody from a burglar, stalker, disgruntled spouse or an ideological vigilante can easily exploit this highly-targeted spy network to extract private information about other people. Serving ads targeted to specific apps would also allow malicious minds to learn sensitive information about their targets, such as sexual orientation or religious beliefs. For example, an anti-gay group could location-target gay bars and serve ads in apps like Grindr to expose the gay population in that area. Or paparazzi could send ads targeted for pregnancy trackers to the home locations of celebrities.
“To be very honest, I was shocked at how effective this was,” Tadayoshi Kohno, co-author of the study told UWNews. “We did this research to better understand the privacy risks with online advertising. There’s a fundamental tension that as advertisers become more capable of targeting and tracking people to deliver better ads, there’s also the opportunity for adversaries to begin exploiting that additional precision. It is important to understand both the benefits and risks with technologies.”
Now, it seems like that never using any apps or visiting websites with ads may be the only solution, but the researchers urge ad networks to be more proactive in taking action that would mitigate attacks. For example, Facebook and Google – with their large user bases – have thresholds on how few users an ad can specify that it targets (20 and 1,000, respectively). But given the problem of market incentive with other ad networks, legal regulations may prove to be more effective. But till that happens, we urge you to reset your device identifiers like cookies and the MAIDs on a regular basis.
Garmin is bringing Alexa-powered GPS navigation to your car
Portable navigation device company Garmin has joined forces with Amazon to bring you an all-new driving companion cum digital assistant, Alexa. The interactive device, called Speak, is the first in-car gadget that would pair Garmin’s GPS navigation prowess with turn-by-turn audio instructions from Alexa.
The 1.5-inch device, which works with the audio system of your car, even has a tiny LED display unit to tell you which direction you need to follow and when your next turn is. All you have to do is give simple instructions to Alexa, like “Alexa, ask Garmin to find the nearest pharmacy” and Speak will take care of the rest.
Garmin has specified that no fees or subscriptions will be needed to access the navigation data. Moreover, map information is automatically kept up-to-date, with live information on traffic conditions and possible delays also being available. You can also tap in Alexa’s knowledge for other updates, such as the weather forecast and sports results. Moreover, the device lets you access your smart home appliances like lights and locks remotely from the car.
Ned Curic, vice president of automotive at Amazon Alexa, has explained in a statement, “Our vision is that the Alexa service will be everywhere our customers want it, including inside the car. Alexa on the Garmin Speak can help customers with many things, like controlling their smart home from the road, getting news or traffic, listening to audiobooks, adding items to a shopping list, and ordering dinner with just their voice.”
It is interesting to note that while automakers like BMW plan to integrate Alexa directly into their vehicles sometime next year, a simple Garmin Speak device will prove to a be a much more economical solution for those who want to gain from Alexa’s wisdom while keeping both hands on the wheel.