Guess Which Car Type I Am Driving: Information Leak via Driving Apps

Abstract

Driving apps on smartphones collect sensor data — GPS, accelerometer, gyroscope — to provide navigation and insurance telematics services. We reveal a previously unknown privacy leak in these apps: the sensor data alone is sufficient to infer the type of vehicle a user is driving, exposing information the user never intended to share.

VeFi (Vehicle Fingerprinting) demonstrates that subtle mechanical signatures in smartphone sensor readings — caused by each car model's unique engine, suspension, and drivetrain characteristics — can be used to classify vehicle type with high accuracy. This work won the Best Paper Award at VehicleSec 2023 and motivates new privacy protections in automotive sensing applications.

Key Findings

• Smartphone motion sensors passively leak vehicle type information to driving apps.
• Machine learning classifier achieves high vehicle-type accuracy from sensor data alone.
• Attack requires no special hardware — any smartphone in the cupholder suffices.
• Motivates privacy-preserving sensor APIs and data minimization in automotive apps.

BibTeX

@inproceedings{chen2023vefi,
  title     = {Guess Which Car Type I Am Driving: Information Leak via Driving Apps},
  author    = {Chen, Dongyao and Pes\'{e}, Mert D. and Shin, Kang G.},
  booktitle = {Proceedings of the 1st USENIX Symposium on Vehicle Security and Privacy (VehicleSec)},
  year      = {2023}
}