floating car data from smartphones what google and waze
play

Floating Car Data from Smartphones: What Google And Waze Know About - PowerPoint PPT Presentation

Nov 13, 2022 •415 likes •951 views

Floating Car Data from Smartphones: What Google And Waze Know About You and How Hackers Can Control Traffic Black Hat | Europe March 12-15, 2013 Tobias Jeske Institute for Security in Distributed Applications TU Hamburg-Harburg

  1. Floating Car Data from Smartphones: What Google And Waze Know About You and How Hackers Can Control Traffic Black Hat | Europe March 12-15, 2013 Tobias Jeske Institute for Security in Distributed Applications TU Hamburg-Harburg tobias.jeske@tu-harburg.de Tobias Jeske: Floating Car Data from Smartphones p. 1/53

  2. Agenda Agenda • Introduction • Protocol Analysis Google Protocol Waze Protocol • Evaluation Privacy Authenticity / Attack • Solution Requirements Zero-Knowledge Protocols Protocol Discussion • Conclusion Tobias Jeske: Floating Car Data from Smartphones p. 2/53

  3. Introduction Agenda • Introduction • Protocol Analysis Google Protocol Waze Protocol • Evaluation Privacy Authenticity / Attack • Solution Requirements Zero-Knowledge Protocols Protocol Discussion • Conclusion Tobias Jeske: Floating Car Data from Smartphones p. 3/53

  4. Introduction TMC • Navigation devices receive traffic reports on the Traffic Message Channel (TMC) • Sources → the police, traffic cameras, inductive loops, volunteers... • Radio stations transmit TMC data in the non-audible range of the FM frequency band • TMC is widespread, however,... • traffic reports are often out of date • low transfer rate • In 2007 Andrea Barisani and Daniele Bianco showed how counterfeited TMC messages can be sent to navigation devices [3] • TMC data is not transmitted encrypted but... • it is necessary that the navigation devices are in the range of the transmitter Tobias Jeske: Floating Car Data from Smartphones p. 4/53

  5. Introduction Google Live Traffic • In 2007, Google added Google Live Traffic to Google Maps [7] • Google uses position data of smartphones with Android operating system [2] • Floating Car Data (FCD) • Real-time traffic information • Since 2011, Google Live Traffic has been used to optimize route calculation in Google Navigation [9] → traffic jams avoidance! Tobias Jeske: Floating Car Data from Smartphones p. 5/53

  6. Introduction Waze • Free GPS application, which uses FCD of smartphones in order to generate traffic information in real- time [12] • The application can be installed on Android, IOS, Windows Mobile, Symbian and BlackBerry • In the iTunes Store top 20 of free apps → 36 million users end of 2012 • Users can add new roads, report accidents, traffic jams and speed traps directly via the Waze-App Tobias Jeske: Floating Car Data from Smartphones p. 6/53

  7. Protocol Analysis Agenda • Introduction • Protocol Analysis Google Protocol Waze Protocol • Evaluation Privacy Authenticity / Attack • Solution Requirements Zero-Knowledge Protocols Protocol Discussion • Conclusion Tobias Jeske: Floating Car Data from Smartphones p. 7/53

  8. Protocol Analysis Google Protocol • Smartphone data is transmitted to https://www.google.com/loc/m/api • Man-in-the-middle attack using mitmproxy [1] • Google Nexus S smartphone with Android 4 • Install root certificate from mitmproxy • Configure a system-wide proxy server • Analyze packets and source code (only available for older Android versions, Apache License version 2.0) smartphone mitmproxy Provider Tobias Jeske: Floating Car Data from Smartphones p. 8/53

  9. Protocol Analysis mitmproxy MASF header is marked red compressed protobuf payload is marked blue Tobias Jeske: Floating Car Data from Smartphones p. 9/53

  10. Protocol Analysis Google Protocol • The protocol is a request/response protocol and based on MASF (Mobile Application Sensing Framework) The Google Protocol in a nutshell: • Smartphone sends Google status information of the GPS, wireless and mobile unit → data amount depends on the units activated and the system configuration • Google responds with the (approximate) location of the phone → speeds up later location determination Tobias Jeske: Floating Car Data from Smartphones p. 10/53

  11. Protocol Analysis MASF Request Message 00 02 00 a 0 . . . a ℓ x b 0 . . . b 7 c 0 c 1 c 2 c 3 00 “g” app name, app fixed cookie encoding MASF version, platform ID, body length distri. channel plain 01 00 d 0 d 1 “g:loc/ql” 00 00 e 0 e 1 e 2 e 3 f 0 . . . f ℓ f block ID service URI service payload length payload version (protobuf) zipped 01 01 d 0 d 1 “g:loc/ql” 00 00 6 d 72 00 00 “ROOT” 00 e 0 e 1 e 2 e 3 f 0 . . . f ℓ f “g” g block ID service URI service MIME ROOT payload length payload version (protobuf) Tobias Jeske: Floating Car Data from Smartphones p. 11/53

  12. Protocol Analysis MASF Response Message j 0 . . . j ℓ j k 0 k 1 k 2 k 3 n 0 . . . n ℓ n 00 02 g 0 g 1 g 2 g 3 81 00 h 0 h 1 i 1 i 1 response status fixed overall length ID encoding payload length payload type code (protobuf) Tobias Jeske: Floating Car Data from Smartphones p. 12/53

  13. Protocol Analysis Protocol Buffers Payload • Protocol Buffers [8] to encode payload • Data format developed by Google to serialize data structures • Binary format → high processing speed and data density • Open source since July 2008 • Request: • Request element contains zero, one or more profiles → Cellular , Wifi and Location (GPS) • Platform profile Platform → android/google/soju/crespo:4.0.4/IMM76D/ 299849:user/release-keys Platform Key → pseudonym to track smartphone • Response: • Current position (if possible) • Location of individual Wi-Fi AP and radio towers • New Platform Key (optional) Tobias Jeske: Floating Car Data from Smartphones p. 13/53

  14. Protocol Analysis Protocol Buffers Payload (Request) message LatLngMsg message RequestMsg required fixed32 Lat = 1; message PlatformProfileMsg required fixed32 Lng = 2; required string Version = 1; optional string Platform = 2; message LocationProfileMsg optional string PlatformKey = 3; optional LatLngMsg LatLng = 1; optional string Locale = 5; optional int32 Accuracy = 3; optional int64 Timestamp = 6; message CellularPlatformProfileMsg optional int32 LocType = 8; optional int32 RadioType = 1; optional int32 Altitude = 10; optional string Carrier = 2; optional fixed32 Speed = 16; optional int32 HomeMnc = 4; optional bool PluggedIn = 17; optional int32 HomeMcc = 5; optional CellularPlatformProfileMsg CellPlatformProfile = 6; message CellMsg required int32 Lac = 1; required PlatformProfileMsg PlatformProfile = 1; required int32 Cellid = 2; message RequestElementsMsg optional int32 Mnc = 3; optional int32 Mcc = 4; message CellularProfileMsg optional int32 Rssi = 5; required CellMsg PrimaryCell = 1; optional int32 RadioType = 10; required int64 Timestamp = 2; optional CellularProfileMsg CellularProfile = 1; message WifiDeviceMsg required string MAC = 1; message WifiProfileMsg optional string SSID = 2; required int64 Timestamp = 1; optional int32 Rssi = 4; repeated WifiDeviceMsg WifiDevice = 2; optional WifiProfileMsg WifiProfile = 2; optional LocationProfileMsg LocationProfile = 3; repeated RequestElementsMsg RequestElements = 4; Tobias Jeske: Floating Car Data from Smartphones p. 14/53

  15. Protocol Analysis Protocol Buffers Payload (Response) message LatLngMsg message ResponseMsg required fixed32 Lat = 1; required int32 Status = 1; required fixed32 Lng = 2; message LocReplyElementMsg required int32 Status = 1; message LocationProfileMsg optional LocationProfileMsg Location = 2; optional LatLngMsg LatLng = 1; optional int32 Accuracy = 3; message DeviceLocationMsg optional int64 Timestamp = 6; optional LocationProfileMsg Location = 1; optional int32 LocType = 8; optional CellMsg Cell = 2; optional int32 Altitude = 10; optional fixed32 Speed = 16; optional WifiDeviceMsg WifiDevice = 3; optional bool PluggedIn = 17; repeated DeviceLocationMsg DeviceLocation = 3; message CellMsg repeated LocReplyElementMsg LocReplyElement = 2; required int32 Lac = 1; optional string PlatformKey = 3; required int32 Cellid = 2; optional int32 Mnc = 3; optional int32 Mcc = 4; optional int32 Rssi = 5; optional int32 RadioType = 10; message WifiDeviceMsg required string MAC = 1; optional string SSID = 2; optional int32 Rssi = 4; Tobias Jeske: Floating Car Data from Smartphones p. 15/53

  16. Protocol Analysis Agenda • Introduction • Protocol Analysis Google Protocol Waze Protocol • Evaluation Privacy Authenticity / Attack • Solution Requirements Zero-Knowledge Protocols Protocol Discussion • Conclusion Tobias Jeske: Floating Car Data from Smartphones p. 16/53

  17. Protocol Analysis Waze Protocol • Simple request/response protocol • Complete source code is released under the GNU General Public License v2 • Position data is transmitted in the clear • TLS for login • Use mitmproxy to record packets • Transmitted data is encoded as an ASCII string • User usually registers himself before using the app • User gets a server ID and a cookie from the server • All subsequent messages contain the ID and the cookie Tobias Jeske: Floating Car Data from Smartphones p. 17/53

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Compar ing Waze and T MC Data Aug ust 25, 2020 Chie f, T MC Ope ra tio ns, Jason Dic e mbr

Compar ing Waze and T MC Data Aug ust 25, 2020 Chie f, T MC Ope ra tio ns, Jason Dic e mbr

Compar ing Waze and T MC Data Aug ust 25, 2020 Chie f, T MC Ope ra tio ns, Jason Dic e mbr e MDOT SHA Offic e o f T ra nspo rta tio n Mo b ility & Ope ra tio ns (OT MO) Dire c to r o f I nfo rma tio n Re se a rc h, AE M Co rpo ra

266 views • 16 slides
on Smartphones & Tablets with Trusted Computing Stefan Saroiu Microsoft Research (Redmond)

on Smartphones & Tablets with Trusted Computing Stefan Saroiu Microsoft Research (Redmond)

Protecting Data on Smartphones & Tablets with Trusted Computing Stefan Saroiu Microsoft Research (Redmond) Smartphones have displaced PCs as the primary computing device Smartphones Store Sensitive Data Sensor Readings Have Value

1.34k views • 83 slides
Agencies Data September 14, 2017 I-95 Corridor Coalition - Crowdsourcing Summit 1

Agencies Data September 14, 2017 I-95 Corridor Coalition - Crowdsourcing Summit 1

Rob Bamford TRANSCOM Integrating Waze data with Public Agencies Data September 14, 2017 I-95 Corridor Coalition - Crowdsourcing Summit 1 Integrating Waze Data with Public Agencies Data TRANSCOM I-95 Crowdsourcing Summit September

624 views • 27 slides
There are three prime targets for attackers: Data : smartphones are devices for data

There are three prime targets for attackers: Data : smartphones are devices for data

Security & Knowledge Management a.a. 2019/20 There are three prime targets for attackers: Data : smartphones are devices for data management, and may contain sensitive data like credit card numbers, authentication information,

334 views • 10 slides
Floating Point Data CSCI 125 & 161 / ENGR 144 Floating point numbers are not exact

Floating Point Data CSCI 125 & 161 / ENGR 144 Floating point numbers are not exact

Floating Point Data CSCI 125 & 161 / ENGR 144 Floating point numbers are not exact Value 0.1 is very close to 1/10, but not Lecture 13 precisely equal to it 0.1 10 = 0.000110011001100110011... 2 Cannot rely on accuracy of

313 views • 3 slides
FLOATING POINT REPRESENTATION ABOUT FLOATING POINTS Integer Data Type 32-bit unsigned integers

FLOATING POINT REPRESENTATION ABOUT FLOATING POINTS Integer Data Type 32-bit unsigned integers

FLOATING POINT REPRESENTATION ABOUT FLOATING POINTS Integer Data Type 32-bit unsigned integers limited to whole numbers from 0 to just over 4 billion What about national debt, Avogadros number, Googlethe number? 64-bit

229 views • 22 slides
Unobtrusive Sleep Monitoring using Smartphones Ying Wang

Unobtrusive Sleep Monitoring using Smartphones Ying Wang

Unobtrusive Sleep Monitoring using Smartphones Ying Wang https://play.google.com/store/apps/detail s?id=org.bewellapp About the Application Sleep quality and quantity impacts personal health. --blood pressure --high stress --anxiety

301 views • 19 slides
Google Analytics Overview Whats Google Analytics? The Google Analytics

Google Analytics Overview Whats Google Analytics? The Google Analytics

Google Analytics Overview Whats Google Analytics? The Google Analytics implementation formula. Steps involved in installing Google Analytics. Tracking events, campaigns and ecommerce data. Creating goals and funnels

652 views • 40 slides
Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur

Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur

ECE 0142 Computer Organization Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur floating-point programming. Floating point greatly simplifies working with large (e.g., 2 70 ) and small (e.g., 2 -17 )

638 views • 30 slides
Big Data on Google Cloud Using Cloud Dataflow, BigQuery, and friends to process data the Cloud

Big Data on Google Cloud Using Cloud Dataflow, BigQuery, and friends to process data the Cloud

Big Data on Google Cloud Using Cloud Dataflow, BigQuery, and friends to process data the Cloud way William Vambenepe, Lead Product Manager for Big Data, Google Cloud Platform @vambenepe / vbp@google.com Agenda 1 Big Data at Google 2

969 views • 38 slides
Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An

Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An

Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones MockDroid: Trading Privacy for Application Functionality on Smartphones

429 views • 38 slides
A First Look at Deep Learning Apps on Smartphones Mengwei Xu 1 , Jiawei Liu 1 , Yuanqiang Liu 1

A First Look at Deep Learning Apps on Smartphones Mengwei Xu 1 , Jiawei Liu 1 , Yuanqiang Liu 1

A First Look at Deep Learning Apps on Smartphones Mengwei Xu 1 , Jiawei Liu 1 , Yuanqiang Liu 1 Felix Xiaozhu Lin 2 , Yunxin Liu 3 , Xuanzhe Liu 1 1 Peking University, 2 Purdue University, 3 Microsoft Research Deep learning is popular Google is

828 views • 36 slides
Google Charts Display live data on your site 1 Using Google Charts

Google Charts Display live data on your site 1 Using Google Charts

Google Charts Display live data on your site 1 Using Google Charts https://developers.google.com/chart 2 3 we want to represent this data 4 Step 1 create a container div inside an html page 5 Step 2 create a .js fi le with the following

216 views • 20 slides
6/29/2017 Floating Point Integer data type 32-bit unsigned integers limited to whole numbers

6/29/2017 Floating Point Integer data type 32-bit unsigned integers limited to whole numbers

6/29/2017 Floating Point Integer data type 32-bit unsigned integers limited to whole numbers from 0 to just over 4 billion What about large numbers (e.g. national debt, bank bailout Floating point representation bill, Avogadros

186 views • 7 slides
arXiv:1706.03762v5 [cs.CL] 6 Dec 2017 Llion Jones Aidan N. Gomez ukasz Kaiser

arXiv:1706.03762v5 [cs.CL] 6 Dec 2017 Llion Jones Aidan N. Gomez ukasz Kaiser

Attention Is All You Need Ashish Vaswani Noam Shazeer Niki Parmar Jakob Uszkoreit Google Brain Google Brain Google Research Google Research avaswani@google.com noam@google.com nikip@google.com usz@google.com

295 views • 15 slides
Floating-point numbers Fractional binary numbers IEEE floating-point standard Floating-point

Floating-point numbers Fractional binary numbers IEEE floating-point standard Floating-point

Floating-point numbers Fractional binary numbers IEEE floating-point standard Floating-point operations and rounding Lessons for programmers Many more details we will skip (its a 58-page standard) See CSAPP 2.4 for more detail. 1

381 views • 15 slides
I 2 C-bus Elements SASE March 2010 SASE- March 2010 Alix Maldonado -Technical Marketing Manager

I 2 C-bus Elements SASE March 2010 SASE- March 2010 Alix Maldonado -Technical Marketing Manager

I 2 C-bus Elements SASE March 2010 SASE- March 2010 Alix Maldonado -Technical Marketing Manager Product Line System Management Business Line Interface Products Agenda I 2 C-bus Protocol Electrical Characteristics Electrical Characteristics

944 views • 79 slides
DATA MANAGEMENT FOR BUSINESS INTELLIGENCE Data Access: Files Salvatore Ruggieri Computer Science

DATA MANAGEMENT FOR BUSINESS INTELLIGENCE Data Access: Files Salvatore Ruggieri Computer Science

DATA MANAGEMENT FOR BUSINESS INTELLIGENCE Data Access: Files Salvatore Ruggieri Computer Science Department, University of Pisa Master in Big Data Analytics and Social Mining BI Architecture 2 Business Intelligence Two issues 3 Where are

1k views • 65 slides
Photodetector R&D and the Fast Focusing DIRC Prototype at SLAC: A Status Report Blair

Photodetector R&D and the Fast Focusing DIRC Prototype at SLAC: A Status Report Blair

Photodetector R&D and the Fast Focusing DIRC Prototype at SLAC: A Status Report Blair Ratcliff, SLAC Representing C. Field, T. Hadig, D.W.G.S. Leith, G. Mazaheri, B. Ratcliff, J. Schwiening, J. Uher, J. Vavra - Motivation - R&D

443 views • 21 slides
ANKO THE ULTIMATE NINJA OF KOTLIN LIBRARIES? AGENDA What are Kotlin and Anko?

ANKO THE ULTIMATE NINJA OF KOTLIN LIBRARIES? AGENDA What are Kotlin and Anko?

KAI KOENIG (@AGENTK) ANKO THE ULTIMATE NINJA OF KOTLIN LIBRARIES? AGENDA What are Kotlin and Anko? Anko-related idioms and language concepts Anko DSL The hidden parts of Anko Anko VS The Rest Final thoughts WHAT ARE

807 views • 54 slides
Global Early Warning System (GEWS) with Global University System (GUS) Takeshi Utsumi, Ph.D.,

Global Early Warning System (GEWS) with Global University System (GUS) Takeshi Utsumi, Ph.D.,

Global Early Warning System (GEWS) with Global University System (GUS) Takeshi Utsumi, Ph.D., P.E. Chairman, GLObal Systems Analysis and Simulation Association in the U.S.A. (GLOSAS/USA) takutsumi0@gmail.com

608 views • 49 slides
IKT STTTET SAMARBEJDE IKT i Byggeprocessen Cand. Scient. Byggeledelse. Semester 1, 2009.

IKT STTTET SAMARBEJDE IKT i Byggeprocessen Cand. Scient. Byggeledelse. Semester 1, 2009.

ICT Enhanced Buildings Potentials IKT STTTET SAMARBEJDE IKT i Byggeprocessen Cand. Scient. Byggeledelse. Semester 1, 2009. 16.4.2009 PC/KS CONTENT Samarbejdsvrktjer og deres egenskaber. Eksempler: Projektwebs, video konferens,

864 views • 23 slides
Running a bug bounty Crowdsourcing security Collin Greene Also known as.. What is a bug bounty

Running a bug bounty Crowdsourcing security Collin Greene Also known as.. What is a bug bounty

Running a bug bounty Crowdsourcing security Collin Greene Also known as.. What is a bug bounty program Essentially bribing strangers to tell us their facebook 0days Sometimes blows up in our face, most of time works pretty well

841 views • 25 slides
Youve Got Your Nice List of Bugs, Now What? Vulnerability Discovery and Management

Youve Got Your Nice List of Bugs, Now What? Vulnerability Discovery and Management

Youve Got Your Nice List of Bugs, Now What? Vulnerability Discovery and Management Processes in the Wild Noura Alomar, Primal Wijesekera, Edward Qiu, and Serge Egelman University of California (Berkeley) and ICSI Motivation Many

688 views • 23 slides

More recommend