CISPA
Browse
cispa_all_2757.pdf (1.88 MB)

Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services.

Download (1.88 MB)
conference contribution
posted on 2023-11-29, 18:09 authored by Qingchuan Zhao, Chaoshun Zuo, Giancarlo PellegrinoGiancarlo Pellegrino, Li Zhiqiang
Increasingly, mobile application-based ride-hailing services have become a very popular means of transportation. Due to the handling of business logic, these services also contain a wealth of privacy-sensitive information such as GPS locations, car plates, driver licenses, and payment data. Unlike many of the mobile applications in which there is only one type of users, ride-hailing services face two types of users: riders and drivers. While most of the efforts had focused on the rider’s privacy, unfortunately, we notice little has been done to protect drivers. To raise the awareness of the privacy issues with drivers, in this paper we perform the first systematic study of the drivers’ sensitive data leakage in ride-hailing services. More specifically, we select 20 popular ride-hailing apps including Uber and Lyft and focus on one particular feature, namely the nearby cars feature. Surprisingly, our experimental results show that largescale data harvesting of drivers is possible for all of the ridehailing services we studied. In particular, attackers can determine with high-precision the driver’s privacy-sensitive information including mostly visited address (e.g., home) and daily driving behaviors. Meanwhile, attackers can also infer sensitive information about the business operations and performances of ride-hailing services such as the number of rides, utilization of cars, and presence on the territory. In addition to presenting the attacks, we also shed light on the countermeasures the service providers could take to protect the driver’s sensitive information.

History

Preferred Citation

Qingchuan Zhao, Chaoshun Zuo, Giancarlo Pellegrino and Li Zhiqiang. Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services.. In: Network and Distributed System Security Symposium (NDSS). 2019.

Primary Research Area

  • Empirical and Behavioral Security

Secondary Research Area

  • Empirical and Behavioral Security

Name of Conference

Network and Distributed System Security Symposium (NDSS)

Legacy Posted Date

2019-01-11

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_2757, title = "Geo-locating Drivers: A Study of Sensitive Data Leakage in Ride-Hailing Services.", author = "Zhao, Qingchuan and Zuo, Chaoshun and Pellegrino, Giancarlo and Zhiqiang, Li", booktitle="{Network and Distributed System Security Symposium (NDSS)}", year="2019", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC