I KNOW WHERE YOU'VE BEEN: GEO-INFERENCE ATTACKS VIA THE BROWSER CACHE presented at BlackHatAsia 2015

by Yaoqi Jia,

Summary : Numerous websites customize their services according to different geo-locations of users, to provide more relevant content and better responsiveness, including Google, Craigslist, Google Maps, etc. Recently, mobile devices further allow web applications to directly read users' geo-location information from GPS sensors. However, if such websites leave location-sensitive content in the browser cache, other sites can sniff users' geo-locations by utilizing timing side-channels.
In this presentation, we demonstrate that such geo-location leakage channels are widely open in popular web applications today, including 62% of 55 Alexa Top 100 websites and 11 map service websites. With geo-inference attacks that measure the timing of browser cache queries, we can locate users' countries, cities, and neighborhoods in our case studies. We show that such attacks affect all five mainstream browsers (e.g., Chrome and Firefox) as well as TorBrowser in certain cases. We also discuss whether existing defenses can effectively prevent such attacks and additional support required for a better defense deployment.