Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called o~ine finding (OF). OF leverages online finder devices to detect the presence of missing o~ine devices using Bluetooth and report an approximate location back to the owner via the Internet. While OF is not the first system of its kind, it is the first to commit to strong privacy goals. In particular, OF aims to ensure finder anonymity, prevent tracking of owner devices, and confidentiality of location reports. This paper presents the first comprehensive security and privacy analysis of OF. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering. We experimentally show that unauthorized access to the location reports allows for accurate device tracking and retrieving a user’s top locations with an error in the order of 10 meters in urban areas. While we find that OF’s design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available.
Due to the increase in natural disasters in the past years, Disaster Response Organizations (DROs) are faced with the challenge of coping with more and larger operations. Currently appointed Information and Communications Technology (ICT) used for coordination and communication is sometimes outdated and does not scale, while novel technologies have the potential to greatly improve disaster response efficiency. To allow adoption of these novel technologies, ICT system designers have to take into account the particular needs of DROs and characteristics of International Disaster Response (IDR). This work attempts to bring the humanitarian and ICT communities closer together. In this work, we analyze IDR-related documents and conduct expert interviews. Using open coding, we extract empirical insights and translate the peculiarities of DRO coordination and operation into tangible ICT design requirements. This information is based on interviews with active IDR staff as well as DRO guidelines and reports. Ultimately, the goal of this paper is to serve as a reference for future ICT research endeavors to support and increase the efficiency of IDR operations.2 communication systems. To this end, we were in contact with 126 IDR experts and active staff (including 15 interviews) from 71 different national and international DROs who also provided pointers to official guidelines, reports, and other resources.This article is structured as follows: In the next section, we outline the body of related work. We present our methodology in Section 3. In Section 4, we present our empirical insights for ICT design. In particular, we introduce important terminology in Section 4.1. We then explain the organizational structure of DROs at the example of the United Nations (UN) in Section 4.2. We detail how different DROs coordinate on a global level in Section 4.3, and how a typical local IDR operation is coordinated and carried out in Section 4.4. Finally, we conclude in Section 5. Related workThe field literature refers to ICT for disaster response as crisis informatics, although the terms disaster, crisis, and emergency are often used interchangeably. Due to the growing number of crisis situations occurring across the world [20,25], the use of crisis communication and management via technology has gained in importance and been increasingly researched [46,47]. There are several challenges and obstacles in sharing and coordinating information during multi-agency disaster response [8].Research efforts have focused on describing the specific characteristics of emergencies and the resulting challenges and requirements for ICT support, for example, derived via case studies and interviews [11,37]. The conference for Information Systems for Crisis Response and Management (ISCRAM) was the first scientific venue for ICT-based crisis communication. Founded in 2004 by a group of scientists from various related fields, its aim was to address the issue of ICT support for effective [69] disaster management. One major work presented at the first meetin...
Delay/Disruption-Tolerant Networks (DTNs) have been around for more than a decade and have especially been proposed to be used in scenarios where communication infrastructure is unavailable. In such scenarios, DTNs can offer a best-effort communication service by exploiting user mobility. Natural disasters are an important application scenario for DTNs when the cellular network is destroyed by natural forces. To assess the performance of such networks before deployment, we require appropriate knowledge of human mobility. In this paper, we address this problem by designing, implementing, and evaluating a novel mobility model for large-scale natural disasters. Due to the lack of GPS traces, we reverse-engineer human mobility of past natural disasters (focusing on 2010 Haiti earthquake and 2013 Typhoon Haiyan) by leveraging knowledge of 126 experts from 71 Disaster Response Organizations (DROs). By means of simulation-based experiments, we compare and contrast our mobility model to other well-known models, and evaluate their impact on DTN performance. Finally, we make our source code available to the public.Comment: To appear in Proceedings of MSWiM '17. 8 Pages, 9 Figures. Source code and data available at https://github.com/seemoo-lab/natural-disaster-mobilit
Unmanned ground vehicles (UGVs) and unmanned aerial vehicles (UAVs) are promising assets to support rescue operations in natural or man-made disasters. Most UGVs and UAVs deployed in the field today depend on human operators and reliable network connections to the vehicles. However, network connections in challenged environments are often lost, thus control can no longer be exercised. In this paper, we present a novel approach to emergency communication where semi-autonomous UGVs and UAVs cooperate with humans to dynamically form communication islands and establish communication bridges between these islands. Humans typically form an island with their mobile devices if they are in physical proximity; UGVs and UAVs extend an island's range by carrying data to a neighboring island. The proposed approach uses delay/disruptiontolerant networking for non-time critical tasks and direct mesh connections for prioritized tasks that require real-time feedback. The developed communication platform runs on rescue robots, commodity mobile devices, and various drones, and supports our operations and control center software for disaster management.
Overnight, Apple has turned its hundreds-ofmillion-device ecosystem into the world's largest crowdsourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet. While OF is not the first system of its kind, it is the first to commit to strong privacy goals. In particular, OF aims to ensure finder anonymity, untrackability of owner devices, and confidentiality of location reports. This paper presents the first comprehensive security and privacy analysis of OF. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering. We experimentally show that unauthorized access to the location reports allows for accurate device tracking and retrieving a user's top locations with an error in the order of 10 meters in urban areas. While we find that OF's design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
Contact Info
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Product
Resources
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.
