14-829: Mobile Security

14-829 / 18-638: Mobile Security - Fall 2016



Assignment #3 - Tracking from the Comfort of your Laptop

Assigned: October 4, 2016
Due: October 20, 2016

Description: It is another fine fall day. You are sitting around, staring at a tree. In the distance, you see your good friend Billy Bob wobbling toward you. You look away, hoping he won't notice you, but alas, as if time sped up, he is now standing right in front of you. He looks really distraught. Billy Bob explains that things with his girlfriend are worse than ever, and he is convinced that it is all because of this pesky TA. You tell him that he is just being paranoid. Billy Bob goes on to explain that because he values his girlfriend's privacy sooooo much, he devised a plan to track this pesky TA around campus using a tracker app that you will write, so he can see if this dude hangs out with her often. As per his logic, since the tracker would be installed on the pesky TA's phone instead of his girlfriend's, he is not being a creepy stalker. You tell him to get lost. Billy Bob then gets down on his knees, starts crying profusely, and begs you to help him. You tell him once again to get lost. He wobbles away, only to return five minutes later with some two-month-old spoiled food he found in the break room fridge. He offers you the food, and being the poor hungry CMU student that you are, you decide to accept his offer. As per your astute observations of the pesky TA, he often leaves his desk, without his phone, to socialize with various students in the hallway. You also remember the pesky TA saying once that he is 'too awesome' to enable location services on his phone. You devise a plan, a plan for the ages...

Tasks:
  1. Know your APs! - In this task, you will use WiGLE map data to create a table of mappings of WiFi APs to coarse-grained locations on your CMU campus. Go to WiGLE.net and use the map to view APs on your campus (since PGH is large, restrict to Hamerschlag, CIC, or INI - CMU-SV is only two buildings). Use WiGLE data from 2015-2016 (and maybe contribute your own data using the WiGLE app). Create a table of BSSID to location mappings, based on where WiGLE plots each AP. The location is a short description (such as a specific room, hallway, bathroom, etc.). The more APs you include in your table, the more awesome the app will be. When creating the mappings, feel free to collaborate with classmates to get a more complete table, but only on this task!!! Do not collaborate on any other task.
  2. Write a stealth user tracking app - Write an app which tracks a user, in a stealthy manner. Because we assume the user disabled location services on their phone, we will use a sneaky approach. Implement functionality for your app to periodically report information about WiFi APs. At specific intervals (for example once a minute) have the app record whatever useful information it can obtain about nearby WiFi APs (e.g., SSID, BSSID, power level).
  3. Send the tracking data off the device - Now, create functionality to send periodic emails from the device to an email address which you control (have access to). After each time AP information is collected, email the list, along with the relevant location information from the lookup table of APs. Make sure to clear any outdated information as well. Since this is not a trivial task, we're providing a README file and some code packages to help you here: activation.jar, additionnal.jar, mail.jar, EmailSender.java, and SendEmailTask.java. Make sure to include a high-level explanation of how you will track the TA using this data.

Constraints: Your app must work under the following constraints:
  • Only the following permissions are allowed: ACCESS_WIFI_STATE, CHANGE_WIFI_STATE, and INTERNET.
  • The app must be stealthy. In other words, when it is running, the user must be unaware of its presence during all tasks that it performs. You can assume that if the app is suspended in the background, the user will not check the task manager.
  • The app must be able to send emails without user interaction.
  • The app must be able to run continuously, even when the screen is off.
  • The app must work on all Android versions ≥ 4.0.

Hints: You can assume that the TA left his phone lying around and not locked, so don't worry about how to get the app onto his phone. When receiving emails from the app, it would help to filter them into a separate folder, so you don't spam yourself. :-)

Deliverables: Each student will submit a written summary of their efforts for the above tasks. Some report guidelines to help convey your work to us:
  • Attach code snippets with screenshots of the important code. Important code is essentially anything related to the above tasks.
  • Attach sample emails generated by the app. Include context, such as a screenshot of the emails in your inbox, spam folder, etc.
  • Be sure to explain, step-by-step, what is going on. Simply sending screenshots and code snippets by itself doesn't prove to us that you fully understand why the code works the way it does.
The written summary should be no longer than five (5) pages in a single-column format using font size 10 or greater, converted to a .pdf document.

Submission Instructions: Each student should submit a .pdf version of their written summary via Blackboard, using the format requested above. All students are expected to complete the assignment on their own; discussion about the assignment is allowed and encouraged, but all design, coding, and writing components must be done individually.

Grading: This assignment is worth 35 points: 10 points for collecting and describing your interesting data set, 20 points for creating and documenting your tracking app, and 5 points for describing how you made use of the emailed information from the device. We reserve the right to take off points for presentation aspects, e.g., incorrect format, poor writing, etc.