World Bulletin / News Desk
Researchers found a burglar, for example, could set up a bogus company and determine if someone left a location from data collected on the person’s smartphone. An employer could find out if a worker is shopping online during office hours.
University of Washington researchers will present their findings later this month at an industry conference in Dallas, Texas.
"Anyone from a foreign intelligence agent to a jealous spouse can pretty easily sign up with a large internet advertising company and on a fairly modest budget use these ecosystems to track another individual's behavior," lead author Paul Vines said in a statement.
An interloper would first have to identify the mobile advertising identification (MAID) -- a randomly-generated code associated with the target’s smartphone -- something that can be achieved when the device connects to an unsecure wireless connection or if the hacker was able to gain access to a router used by the target.
After identifying the target’s phone, someone could purchase hyperlocal advertising targeted toward the victim to track movement.
Researchers found they could track someone’s morning commute through a city or identify a target’s specific location within 10 minutes of arrival.
“To be very honest, I was shocked at how effective this was," said co-author Tadayoshi Kohno. "We did this research to better understand the privacy risks with online advertising. There's a fundamental tension that as advertisers become more capable of targeting and tracking people to deliver better ads, there's also the opportunity for adversaries to begin exploiting that additional precision."