Existing trajectory privacy protection mechanisms rely heavily on GPS, rendering them vulnerable to signal outages and offering insufficient protection. This paper introduces CAN-Trace—the first privacy attack framework for trajectory reconstruction leveraging in-vehicle Controller Area Network (CAN) bus messages. It constructs a weighted road graph using CAN signals such as vehicle speed and throttle position, then applies graph-matching algorithms against real-world road networks to infer driving trajectories without GPS. A robust evaluation metric is proposed to accommodate sensor data loss and matching inaccuracies. Experiments demonstrate attack success rates of 90.59% in urban and 99.41% in suburban environments—substantially outperforming GPS-dependent approaches. These results expose a critical, previously underestimated privacy threat: long-term driving trajectory inference via ubiquitous CAN bus telemetry.

Driving trajectory data remains vulnerable to privacy breaches despite existing mitigation measures. Traditional methods for detecting driving trajectories typically rely on map-matching the path using Global Positioning System (GPS) data, which is susceptible to GPS data outage. This paper introduces CAN-Trace, a novel privacy attack mechanism that leverages Controller Area Network (CAN) messages to uncover driving trajectories, posing a significant risk to drivers' long-term privacy. A new trajectory reconstruction algorithm is proposed to transform the CAN messages, specifically vehicle speed and accelerator pedal position, into weighted graphs accommodating various driving statuses. CAN-Trace identifies driving trajectories using graph-matching algorithms applied to the created graphs in comparison to road networks. We also design a new metric to evaluate matched candidates, which allows for potential data gaps and matching inaccuracies. Empirical validation under various real-world conditions, encompassing different vehicles and driving regions, demonstrates the efficacy of CAN-Trace: it achieves an attack success rate of up to 90.59% in the urban region, and 99.41% in the suburban region.