Attackers can keep track on users by sensors in their smartphones

Specialists from Cambridge University presented new way of tracing Android – and и iOS- devices user’s activity on the Internet.

Method is called “Tacking digital fingerprints using calibration”, simply SensorID, and is based on using factory calibration data of devices’ sensors, access to which application or website can get without permission.

For executing an attack, SensorID used gyroscope and magnetometer calibration data (iOS-devices), and accelerometer, gyroscope and magnetometer (Android-devices). According to SensorID authors, devices from Apple are more vulnerable to attack than Android-powered gadgets. This explained by the fact that during manufacturing of all devices Apple performs precise calibration of all sensor while Android-producers not always do it.

Attack based on careful analysis of sensors’ data that is available without any permissions.

“Our analysis allows getting factory calibration data for every device that producers implement in smartphone’s hardware for compensation of systematic production errors in sensors” – reported SensorID authors.

Calibration data can be used as fingerprints – unique identifiers that allow analytic companies and cybercriminals tracing users’ activity on the Internet. Data collection does not affect device’s performance and victim may suspect nothing.

[youtube] SensorID: Sensor Calibration Fingerprinting for iOS Devices

According to researchers, getting calibration data takes one second only, and not affected by device’s position and environmental conditions. As calibration data remains unchanged, it allows keeping eye on user’s activity on the Internet even after settings reset.

Authors of the research are not aware if attackers used SensorID technology, but argue that:

А study shows that motion sensor data is accessed by 2,653 of the Alexa top 100K websites, including more than 100 websites exfiltrating motion sensor data to remote servers.

Apple fixed vulnerability (CVE-2019-8541) in March this year with the release of iOS 12.2 by adding random noise in sensor calibration output. Google did not launched any patches and reported about necessity to study an issue.

How to mitigate this fingerprinting attack?

To mitigate this calibration fingerprint attack, vendors can add uniformly distributed random noise to ADC outputs before calibration is applied. Alternatively, vendors could round the sensor outputs to the nearest multiple of the nominal gain.


Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button