FreeTrack: A Tool for Automated User Location Tracking
Introduction
Many popular location-based social networks (LBSNs) support built-in location-based social discovery with hundreds of millions of users around the world. While user (near) realtime geographical information is essential to enable location-based social discovery in LBSNs, the importance of user location privacy has also been recognized by leading real-world LBSNs. However, there exists some design flaws in some LBSN applications. We proposed FreeTrack, an automated user location tracking system for mobile social networks, which could automatically track Wechat, Skout and Momo even without users’ awareness.
FreeTrack can infer a user’s location information based only on the relative distance information displayed by the LBSN apps. It can generate three fake anchor locations and obtain the relative distance to the victim. With 3 anchor locations and their corresponding distances, FreeTrack could trigger the Iterative Trilateration based Localization Algorithm and finally obtain the user's location.
Attack Methodology
Attack Model
When FreeTrack determines a particular victim, it could generate three fake anchor locations and obtain the relative distance to the victim. With 3 anchor locations and their corresponding distances, it could trigger the Iterative Trilateration based Localization Algorithm and obtain the first inferred location, which will be set to the new anchor point. With this inferred location as well as two other anchor points, FreeTrack could launch a new round of attack. This process will be repeated until the distance between the new inferred location and the victim reaches the localization accuracy limit. After that, FreeTrack could trigger space partition attack, which further improves the accuracy until the distance reaches the predefined accuracy threshold. Fig. 1 shows the whole attacking process.
Fig.1. The Attack Flow
Iterative Trilateration based Localization Algorithm
In FreeTrack, this algorithm is used to infer the user's location. We denote P as the List of reference points sorted by the relative distance to the target point from smaller to larger. Without loss of the generality, the first three items of P are represented by p1, p2 and p3. We further define function dist(a, b) to measure the distance between the point a and b, as well as function Lsp(a, b, c) to return the least square estimation of the localization target based on three reference points (a, b, c). We summarize our iterative trilateration localization algorithm in Fig.2. Fig.3 shows the trilateration process in global scale.
Fig.3 Trilateration on Global Scale
Fig.2. Iterative Trilateration Localization Algorithm
Space Partition Attack Algorithm
Space partition attack algorithm can further enhance the localization accuracy and thus breaking the minimum distance limit. The basic idea of space partition attack is similar to space partition algorithm, which is defined as the process of dividing a space (usually a Euclidean space) into two or more non-overlapping regions and thus locating any point in the space to exactly one of the regions. The basic idea of space partition attack is illustrated in Fig.4.
We could repeat this partition for multiple rounds until the expected detecting accuracy is achieved. The whole algorithm is summarized in Algorithm 2.
Fig.4 Illustration of Space Partition Attack
Fig.5. Space Partition Attack Algorithm
Experiment
To evaluate the effectiveness of FreeTrack, we implement the real-world experiments by recruiting 30 volunteers for the 3 kinds of LBSN apps: Wechat, Skout and Momo. We evaluate the Localization Accuracy of FreeTrack by comparing the distance between the user’s Real Locations and Inferred Locations, and Localization Efficiency of FreeTrack by measuring the latency of launching an attack for different apps. In the experiments of real-world tracking, we evaluate the effectiveness of FreeTrack by measuring how many top locations could be recovered by using 3-week track.
The evaluation of tracking accuracy is shown in Fig.6. The experiment results demonstrate that the asynchronous tracking can also achieve a very high level of accuracy. As shown in Fig.6a, more than 80% of tracking results on Momo can geo-locate the victims in 40m, more than 90% of tracking results on Skout can break the distance limit of 800m to geo-locate the victims to 0−20m and 80−100m, and over half of the tracking onWechat users can be located to the accuracy of less than 60m.