14-829 / 18-638: Mobile Security - Fall 2016
Assignment #3 - Tracking from the Comfort of your Laptop
- Assigned: October 4, 2016
- Due: October 20, 2016
- Description:
It is another fine fall day. You are sitting around, staring at a tree. In the distance, you see your good friend
Billy Bob wobbling toward you. You look away, hoping he won't notice you, but alas, as if time sped up, he is now
standing right in front of you. He looks really distraught. Billy Bob explains that things with his girlfriend are
worse than ever, and he is convinced that it is all because of this pesky TA. You tell him that he is just being paranoid.
Billy Bob goes on to explain that because he values his girlfriend's privacy sooooo much, he devised a plan to track
this pesky TA around campus using a tracker app that you will write, so he can see if this dude hangs out with her often.
As per his logic, since the tracker would be installed on the pesky TA's phone instead of his girlfriend's, he is not
being a creepy stalker. You tell him to get lost. Billy Bob then gets down on his knees, starts crying profusely, and
begs you to help him. You tell him once again to get lost. He wobbles away, only to return five minutes later with
some two-month-old spoiled food he found in the break room fridge. He offers you the food, and being the poor hungry
CMU student that you are, you decide to accept his offer. As per your astute observations of the pesky TA, he often leaves
his desk, without his phone, to socialize with various students in the hallway. You also remember the pesky TA saying
once that he is 'too awesome' to enable location services on his phone. You devise a plan, a plan for the ages...
- Tasks:
- Know your APs! - In this task, you will use WiGLE map data to create a table of mappings of WiFi APs to
coarse-grained locations at your CMU campus. Go to WiGLE.net and use the map to view APs at your campus (since PGH is
large, restrict to Hamerschlag, CIC, or INI - CMU-SV is only two buildings). Use WiGLE data from 2015-2016 (and maybe contribute
your own data using the WiGLE app). Create a table of BSSID to location mappings, based on where WiGLE plots each AP. The
location is a short description (such as a specific room, hallway, bathroom, etc...). The more APs you include in your table,
the more awesome the app will be. When creating the mappings, feel free to collaborate with classmates to get a more complete
table, but only on this task!!! Do not collaborate on any other task.
- Write a stealth user tracking app - Write an app which tracks a user, in a stealthy manner. Because we assume the
user disabled location services on their phone, we will use a sneaky approach. Implement functionality for your app to periodically
report information about WiFi APs. At specific intervals (for example once a minute) have the app record whatever useful information it can obtain
about nearby WiFi APs (e.g., SSID, BSSID, power level).
- Send the tracking data off the device - Now, create functionality to send periodic emails from the device to an email
address which you control (have access to). After each time AP information is collected, email the list, along with the relevant
location information from the lookup table of APs. Make sure to clear any outdated information as well. Since this is not a
trivial task, we're providing a README file and some code packages to help you here:
activation.jar, additionnal.jar, mail.jar, EmailSender.java, and SendEmailTask.java. Make sure to include a high-level
explanation of how you will track the TA using this data.
- Constraints: Your app must work under the following constraints:
- Only the following permissions are allowed: ACCESS_WIFI_STATE, CHANGE_WIFI_STATE, and INTERNET.
- The app must be stealthy. In other words, when it is running, the user must be unaware of its presence in all tasks
it performs. You can assume that if the app is suspended in the background, the user will not check the task manager.
- The app must be able to send emails without user interaction.
- The app must be able to run continuously, even when the screen is off.
- The app must work on all Android versions ≥ 4.0.
- Hints: You can assume that the TA left his phone lying around and not locked, so don't worry about how to get the app
onto his phone. When receiving emails from the app, it would help to filter them into a separate folder, so you don't spam yourself. :-)
- Deliverables: Each student will submit a written summary of their efforts for the above tasks. Some report guidelines
to help convey your work to us:
- Attach code snippets with the screenshots of the important code. Important code is essentially anything related to the
above tasks.
- Attach sample emails generated by the app. Include context, such as a screenshot of the emails in your inbox, spam folder,
etc.
- Be sure to explain, step-by-step, what is going on. Simply sending screenshots and code snippets by itself doesn't prove to us
that you fully understand why the code works the way it does.
The written summary should be no longer than five (5) pages in a single-column format using font size 10 or greater,
converted to a .pdf document.
- Submission Instructions: Each student should submit a .pdf version of their written summary via Blackboard,
using the format requested above. All students are expected to complete the assignment on their own; discussion about the assignment
is allowed and encouraged, but all design, coding, and writing components must be done individually.
- Grading: This assignment is worth 35 points: 10 points for collecting and describing your interesting data set, 20
points for creating and documenting your tracking app, and 5 points for describing how you made use of the emailed information from
the device. We reserve the right to take off points for presentation aspects, e.g., incorrect format, poor writing, etc.
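
The permission set in the Constraints item, seen from the reviewer's side (an added example, not part of the original assignment or its provided code): a static check that flags an app able to read nearby AP identifiers and reach the network while declaring no location permission. The `audit` helper, the package names and the sample manifests are hypothetical and constructed; the input is assumed to be a decoded, text-form AndroidManifest.xml.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
WIFI_READ = P + "ACCESS_WIFI_STATE"   # read Wi-Fi state and AP details (SSID, BSSID, level)
WIFI_CTRL = P + "CHANGE_WIFI_STATE"   # change Wi-Fi state, e.g. request a scan
INTERNET = P + "INTERNET"             # channel for sending data off the device
LOCATION = {P + "ACCESS_COARSE_LOCATION", P + "ACCESS_FINE_LOCATION"}


def requested_permissions(manifest_xml):
    """Return (package, set of requested permission names)."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for node in root.iter():
        if node.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = node.get(NS + "name")
            if name:
                perms.add(name)
    return root.get("package", "?"), perms


def audit(manifest_xml):
    """Flag Wi-Fi based location inference that no location permission discloses."""
    package, perms = requested_permissions(manifest_xml)
    reasons = []
    if WIFI_READ in perms:
        reasons.append("can read nearby AP identifiers")
    if WIFI_CTRL in perms:
        reasons.append("can request Wi-Fi scans")
    if INTERNET in perms:
        reasons.append("can send data off the device")
    undisclosed = not (perms & LOCATION)
    flagged = WIFI_READ in perms and INTERNET in perms and undisclosed
    return {"package": package, "flagged": flagged, "reasons": reasons}


def _manifest(package, perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s<application/></manifest>' % (package, uses))


SAMPLES = [
    _manifest("com.example.flashlight", [WIFI_READ, WIFI_CTRL, INTERNET]),
    _manifest("com.example.maps", [WIFI_READ, INTERNET, P + "ACCESS_FINE_LOCATION"]),
    _manifest("com.example.news", [INTERNET]),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```
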