Your mobile phone can give away your location, even if you…

first_img TAGStheconversation.com Previous articleApopka Police Department awards McDonalds staffers for heroic act of kindnessNext articleApopka teenager is one of Florida’s Top Youth Volunteers Of 2018 Denise Connell RELATED ARTICLESMORE FROM AUTHOR Free webinar for job seekers on best interview answers, hosted by Goodwill June 11 U.S. military officials were recently caught off guard by revelations that servicemembers’ digital fitness trackers were storing the locations of their workouts – including at or near military bases and clandestine sites around the world. But this threat is not limited to Fitbits and similar devices. My group’s recent research has shown how mobile phones can also track their users through stores and cities and around the world – even when users turn off their phones’ location-tracking services.The vulnerability comes from the wide range of sensors phones are equipped with – not just GPS and communications interfaces, but gyroscopes and accelerometers that can tell whether a phone is being held upright or on its side and can measure other movements too. Apps on the phone can use those sensors to perform tasks users aren’t expecting – like following a user’s movements turn by turn along city streets.Most people expect that turning their phone’s location services off disables this sort of mobile surveillance. But the research I conduct with my colleagues Sashank Narain, Triet Vo-Huu, Ken Block and Amirali Sanatinia at Northeastern University, in a field called “side-channel attacks,” uncovers ways that apps can avoid or escape those restrictions. We have revealed how a phone can listen in on a user’s finger-typing to discover a secret password – and how simply carrying a phone in your pocket can tell data companies where you are and where you’re going.Making assumptions about attacksWhen designing protection for a device or a system, people make assumptions about what threats will occur. Cars, for instance, are designed to protect their occupants from crashes with other cars, buildings, guardrails, telephone poles and other objects commonly found in or near roads. They’re not designed to keep people safe in cars driven off a cliff or smashed by huge rocks dropped on them. It’s just not cost-effective to engineer defenses against those threats because they’re assumed to be extremely uncommon.Similarly, people designing software and hardware make assumptions about what hackers might do. But that doesn’t mean devices are safe. One of the first side-channel attacks was identified back in 1996 by cryptographer Paul Kocher, who showed he could break popular and supposedly secure cryptosystems by carefully timing how long it took a computer to decrypt an encrypted message. The cryptosystem designers hadn’t imagined that an attacker would take that approach, so their system was vulnerable to it.There have been many other attacks through the years using all sorts of different approaches. The recent Meltdown and Spectre vulnerabilities that exploit design flaws in computer processors, are also side-channel attacks. They enable malicious applications to snoop on other applications’ data in the computer memory.Monitoring on the goMobile devices are perfect targets for this sort of attack from an unexpected direction. They are stuffed with sensors, usually including at least one accelerometer, a gyroscope, a magnetometer, a barometer, up to four microphones, one or two cameras, a thermometer, a pedometer, a light sensor and a humidity sensor.Apps can access most of these sensors without asking for permission from the user. And by combining readings from two or more devices, it’s often possible to do things that users, phone designers and app creators alike may not expect.In one recent project, we developed an app that could determine what letters a user was typing on a mobile phone’s on-screen keyboard – without reading inputs from the keyboard. Rather, we combined information from the phone’s gyroscope and its microphones.When a user taps on the screen in different locations, the phone itself rotates slightly in ways that can be measured by the three-axis micromechanical gyroscopes found in most current phones. Further, tapping on a phone screen produces a sound that can be recorded on each of a phone’s multiple microphones. A tap close to the center of the screen will not move the phone much, will reach both microphones at the same time, and will sound roughly the same to all the microphones. However, a tap at the bottom left edge of the screen will rotate the phone left and down; it will reach the left microphone faster; and it will sound louder to microphones near the bottom of the screen and quieter to microphones elsewhere on the device.Processing the movement and sound data together let us determine what key a user pressed, and we were right over 90 percent of the time. This sort of function could be added secretly to any app and could run unnoticed by a user.Identifying a locationWe then wondered whether a malicious application could infer a user’s whereabouts, including where they lived and worked, and what routes they traveled – information most people consider very private.We wanted to find out whether a user’s location could be identified using only sensors that don’t require users’ permission. The route taken by a driver, for instance, can be simplified into a series of turns, each in a certain direction and with a certain angle. With another app, we used a phone’s compass to observe the person’s direction of travel. That app also used the phone’s gyroscope, measuring the sequence of turn angles of the route traveled by the user. And the accelerometer showed whether a user was stopped, or moving.By measuring a sequence of turns, and stringing them together as a person travels, we could make a map of their movements. (In our work, we knew which city we were tracking people through, but a similar approach could be used to figure out what city a person was in.)Matching the route of a smartphone with a trip through Boston. Screenshot of Google Maps, CC BY-NDImagine we observe a person in Boston heading southwest, turning 100 degrees to the right, making a sharp U-turn to the left to head southeast, turning slightly to the right, continuing straight, then following a shallow curve to the left, a quick jog to the right, bumping up and down more than usual on a road, turning 55 degrees right, and turning 97 degrees left and then making a slight curve right before stopping.We developed an algorithm to match those movements up against a digitized map of the streets of the city the user was in, and determined which were the most likely routes a person might take. Those movements could identify a route driving from Fenway Park, along the Back Bay Fens, past the Museum of Fine Arts and arriving at Northeastern University.We were even able to refine our algorithm to incorporate information about curves in roads and speed limits to help narrow options. We produced our results as a list of possible pathsranked by how likely the algorithm thought they were to match the actual route. About half the time, in most cities we tried, the real path a user followed was in the top 10 items on the list. Further refining the map data, sensor readings and the matching algorithm could substantially improve our accuracy. Again, this type of capability could be added to any app by a malicious developer, letting innocent-appearing apps snoop on their users.Our research group is continuing to investigate how side-channel attacks can be used to reveal a variety of private information. For instance, measuring how a phone moves when its owner is walking could suggest how old a person is, whether they are male (with the phone in a pocket) or female (typically with the phone in a purse), or even health information about how steady a person is on his feet or how often she stumbles. We assume there is more your phone can tell a snoop – and we hope to find out what, and how, to protect against that sort of spying. Support conservation and fish with NEW Florida specialty license plate Please enter your comment! Save my name, email, and website in this browser for the next time I comment. The Anatomy of Fear Share on Facebook Tweet on Twitter LEAVE A REPLY Cancel reply You have entered an incorrect email address! Please enter your email address here Please enter your name herelast_img read more


IPE Awards Seminar: Market volatility ‘irrelevant’, cash flows key, says Bridgeland

first_imgSource: IPEDelegates were polled on if they knew the cashflows of their pension funds.The former consultant called on pension funds to start thinking like businesses, explaining how it was at first hard for her trustee board to understand why actuaries were attempting to assess the value of cash flows from the fund’s holdings.“The reality is that most businesses and most businesses when they are thinking about a long-term project will look at cash flows,” she said.“Really, that is the common sense – you apply that business thinking to the problem.“Why are we thinking about volatility and market values? That’s irrelevant. What matters is volatility and diversification of cash flows.”Bridgeland said it was important to change the mindset of all involved in monitoring asset performance, and that she wanted to compare the performance of a long-lease property with that of infrastructure debt, without having to place the assets into different categories.“You want to get the best price for the cash flows, and you want to assess risk based on the characteristics of those cash flows,” she said. Bridgeland said that, when she first joined the BP scheme, it resembled a balanced fund in its investment approach, but that she had implemented a number of strategy changes since 2007 and knew exactly where she wanted the plan to be in 2023 – even if the path towards achieving her goals was an unpredictable one.#*#*Show Fullscreen*#*# Market volatility and fluctuating asset values are “irrelevant” and should be ignored in favour of an approach based around the monitoring of cash flows, Sally Bridgeland of the UK’s BP Pension Scheme has said.The chief executive of the £16.6bn (€19.9bn) fund also told attendees at the IPE Awards Seminar in Noordwijk that pension funds were unlikely to be prepared for the operational challenges coming their way in a post-Lehman Brothers world.Five years after the financial institution’s collapse, Bridgeland was interviewed by Amin Rajan, chief executive of CREATE-Research, on how the demise of the investment bank had changed approaches to investment.“For me, the interesting thing is that, 10 years ago, nobody used the word ‘risk’,” Bridgeland said. She also expressed surprise at a poll of attendees that found 58% knew their pension fund to be cash-flow positive.Only 6% of attendees said they did not know into which category their scheme fell.Bridgeland said the focus on risk and the fact pension fund employees knew their fund was cash-flow positive “[signalled] the fact we are moving into a different era”.#*#*Show Fullscreen*#*#center_img Delegates were also asked during Bridgeland’s panel about their overall risk appetite.“I’m not sure the asset management industry, the consulting industry and even individual pension funds have the operational flexibility they need to do that kind of journey – that’s what reality is going to throw at us,” she said. Weighing in on an earlier debate about smart beta – one that saw the strategies branded “old wine in new bottles” – the chief executive said the challenges over ever-changing strategies facing the pensions industry was a different one.“It’s symptomatic of not old wine in new bottles but middle-aged people on Harley-Davidsons,” she said. “It’s a bit of a mid-life crisis, where everyone is trying to grapple with what we’ve got to try, and make sense of the journey ahead.”Bridgeland predicted that, rather than wine, pension funds in future would want cocktails of asset allocation.“Different pension funds will want different ways of looking at their assets, and they might want it shaken and they might want it stirred because of the particular characteristics they have,” she said.last_img read more


Dodgers’ magic number down to 2 despite 7-4 loss

first_imgBy that point, Colorado led 7-1 and the thin Rocky Mountain air wasn’t thin enough to facilitate a comeback. Yet the Dodgers’ magic number to clinch the National League West fell to 2 when the Giants lost to the A’s later in the day.The Dodgers’ lead in the division is 8 with nine games remaining. They can clinch today, but only if they beat the Rockies and the A’s beat the Giants in their game, which begins at 1 p.m. First pitch from Coors Field is scheduled for 5:10 p.m.The Dodgers have another game in Denver on Sunday before they begin a four-game series in San Francisco on Monday. Either nothing or everything will be at stake for both teams. If the Dodgers haven’t clinched the West by the end of that series, manager Don Mattingly said, “We don’t deserve to.”Bolsinger allowed seven hits and seven runs in four innings. Only four of the runs were earned, though Bolsinger did not help his cause by walking three batters. He struck out two. At one point during the fourth-inning onslaught, Dodgers head athletic trainer Stan Conte visited the mound to check on the pitcher. But there was no injury. “Nothing was wrong at all,” Bolsinger saidIn the previous breath, however, the right-hander conceded that he hasn’t been the same since returning from a four-week hiatus at Triple-A. In four September starts for the Dodgers, Bolsinger’s ERA has risen from 2.83 to 3.48.“Maybe a little bit of fatigue in the arm,” he said. “Since I’ve been back, I’m just getting tired real quick.”Mattingly reserved the right to change his mind, but said his first preference is to keep Bolsinger in the rotation. His next start would come Wednesday in San Francisco. Right-hander Carlos Frias is healthy and has a chance, like Bolsinger, to earn a postseason roster spot as a long reliever. Frias pitched four shutout innings Wednesday against the Arizona Diamondbacks in his only September start — a step in the right direction.Bolsinger said he is merely trying to finish the regular season strong.“Whatever happens, happens,” he said. “I definitely haven’t put myself in very good position for anything.”Rockies starter David Hale (5-5) allowed five hits and only one run in five innings before the announced crowd of 38,485 at Coors Field.On a night when second baseman Howie Kendrick was the only right-handed hitting position player in the Dodgers’ starting lineup, he delivered two of the Dodgers’ nine hits. Jimmy Rollins had three, including a triple, and Chase Utley walked twice and clubbed a ground-rule double. “It’s always tough this time of year because we’re playing against teams that have nothing to lose,” Dodgers outfielder Carl Crawford said. “They play us a little harder. We’re trying not to make mistakes and do things the proper way. Sometimes it’s tough that way, but we still have to be professional, get ready to play, do what we do, and go out there and take care of business.”The Dodgers committed two errors in the field Friday and another on the base paths, when Crawford took a wide turn around first base on an infield single and was thrown out by Colorado third baseman Nolan Arenado.Getting ahead of ourselves, are we?“We’re not looking forward to nothing,” Crawford insisted.The Rockies lowered the boom with three runs in the third inning and three more in the fourth against Dodgers starter Mike Bolsinger (6-5). Charlie Blackmon, Carlos Gonzalez and Corey Dickerson each hit solo home runs in the fourth inning. DENVER >> The natural toll of playing 152 games is clearly pulling the Dodgers in a bad direction at the moment. Flashes of urgency, occasionally from grizzled veterans and occasionally from youngsters fighting for a postseason roster spot, are pulling the opposite direction.The taut threads in this metaphorical tug-of-war represent the Dodgers’ magic number. It can only get smaller, but its existence feels tortured.A 7-4 loss to the Colorado Rockies like Friday’s would not have come with the same tension in May or June, though the Dodgers lost to the Rockies twice in each of those months. Because it came in Game 153 of a 162-game regular season, it’s easier to lump in with the Dodgers’ four-game losing streak that ended Tuesday: Bad losses, or at least bad timing.center_img Newsroom GuidelinesNews TipsContact UsReport an Errorlast_img read more