Location-leaking through Network Traffic in Mobile Augmented Reality Applications

Gabriel Meyer-Lee, Jiacheng Shang, Jie Wu

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

8 Scopus citations

Abstract

Mobile Augmented Reality (AR) applications allow the user to interact with virtual objects positioned within the real world via a smart phone, tablet or smart glasses. As the popularity of these applications grows, recent researchers have identified several security and privacy issues pertaining to the collection and storage of sensitive data from device sensors. Location-based AR applications typically not only collect user location data, but transmit it to a remote server in order to download nearby virtual content. In this paper we show that the pattern of network traffic generated by this process alone can be used to infer the user's location. We demonstrate a side-channel attack against a widely available Mobile AR application inspired by Website Fingerprinting methods. Through the strategic placement of virtual content and prerecording of the network traffic produced by interacting with this content, we are able to identify the location of a user within the target area with an accuracy of 94%. This finding reveals a previously unexplored vulnerability in the implementation of Mobile AR applications and we offer several recommendations to mitigate this threat.

Original languageEnglish
Title of host publication2018 IEEE 37th International Performance Computing and Communications Conference, IPCCC 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538668085
DOIs
StatePublished - 2 Jul 2018
Event37th IEEE International Performance Computing and Communications Conference, IPCCC 2018 - Orlando, United States
Duration: 17 Nov 201819 Nov 2018

Publication series

Name2018 IEEE 37th International Performance Computing and Communications Conference, IPCCC 2018

Conference

Conference37th IEEE International Performance Computing and Communications Conference, IPCCC 2018
Country/TerritoryUnited States
CityOrlando
Period17/11/1819/11/18

Keywords

  • Augmented Reality
  • data privacy
  • mobile applications

Fingerprint

Dive into the research topics of 'Location-leaking through Network Traffic in Mobile Augmented Reality Applications'. Together they form a unique fingerprint.

Cite this