Abstract
Location Tracking Networks using opportunistic mobile crowdsensing are a recent development garnering lots of attention and users. One example would be Apple’s Airtags,which allow location tracking without any active Internet or GPS connection on the
Trackers. Although used by millions and the possibility of far-reaching security and privacy consequences due to the novel architecture used, not all of the major systems have
been thoroughly analysed. Additionally, no public threat model exists, making it hard
to judge a system’s security and privacy.
In this thesis, we give a brief introduction to mobile crowdsensing and then go on
to establish a generalised and open threat model for opportunistic mobile crowdsensing
location networks (OMCLNs), incorporating both security and privacy concerns. Next,
we analyse the three most important OMCLNs made by Apple, Samsung and Tile
by performing an in-depth security analysis of the protocols, including traffic analysis,
reverse engineering and firmware manipulation. Later, we identify security and privacy
threats in the analysed implementations using the newly proposed generalised threat
model and discuss its success and limitations.
Date of Award | 2024 |
---|---|
Original language | English (American) |
Supervisor | Markus Zeilinger (Supervisor) |