To carry out the attack, SensorID uses calibration data from the gyroscope and magnetometer on iOS devices, and from the accelerometer, gyroscope and magnetometer on Android devices. According to the SensorID authors, Apple devices are more vulnerable to the attack than Android-powered gadgets. This is explained by the fact that Apple precisely calibrates all sensors of every device during manufacturing, while Android manufacturers do not always do so.
The attack is based on careful analysis of sensor data that is available without any permissions.
“Our analysis allows getting the factory calibration data for every device that producers implement in the smartphone’s hardware for compensation of systematic production errors in sensors” – reported the SensorID authors.
Calibration data can be used as a fingerprint: a unique identifier that allows analytics companies and cybercriminals to trace users’ activity on the Internet. Data collection does not affect the device’s performance, so the victim may suspect nothing.
According to the researchers, obtaining the calibration data takes only one second and is not affected by the device’s position or environmental conditions. Because the calibration data remains unchanged, it allows keeping an eye on the user’s activity on the Internet even after a settings reset.
The authors of the research are not aware of attackers having used the SensorID technique, but argue that:
A study shows that motion sensor data is accessed by 2,653 of the Alexa top 100K websites, including more than 100 websites exfiltrating motion sensor data to remote servers.
Apple fixed the vulnerability (CVE-2019-8541) in March this year with the release of iOS 12.2 by adding random noise to the sensor calibration output. Google has not released any patches and said the issue needs to be studied.
To mitigate this calibration fingerprint attack, vendors can add uniformly distributed random noise to ADC outputs before calibration is applied. Alternatively, vendors could round the sensor outputs to the nearest multiple of the nominal gain.
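The two mitigations above can be checked on a simplified single-axis model. This is an added example, not code from the researchers or from this article; the gain and bias values, the ±0.5 step noise range and all function names are constructed assumptions. It shows that unmitigated output sits on a grid whose spacing equals the per-device gain, while rounding gives every device the same nominal grid and pre-calibration noise removes the grid.

```python
import random

NOMINAL_GAIN = 0.061  # constructed nominal gain: output units per ADC step

def calibrated(adc, gain, bias):
    """Assumed single-axis calibration model: per-device gain and bias on the ADC value."""
    return gain * adc + bias

def round_to_nominal(value, nominal=NOMINAL_GAIN):
    """Mitigation 2: snap the output to the nearest multiple of the nominal gain."""
    return round(value / nominal) * nominal

def observed_step(outputs):
    """Smallest gap between distinct output values, i.e. the visible quantisation step."""
    vals = sorted(set(outputs))
    return min(b - a for a, b in zip(vals, vals[1:]))

def visible_steps(gain, bias, adc_samples, seed=0):
    """Return the visible step for unmitigated, rounded and noised output."""
    rng = random.Random(seed)
    raw = [calibrated(a, gain, bias) for a in adc_samples]
    rounded = [round_to_nominal(v) for v in raw]
    # Mitigation 1: uniform noise on the ADC value before calibration
    # (the +/-0.5 step range is an assumption of this sketch).
    noised = [calibrated(a + rng.uniform(-0.5, 0.5), gain, bias) for a in adc_samples]
    return observed_step(raw), observed_step(rounded), observed_step(noised)

if __name__ == "__main__":
    adc = list(range(-100, 101))  # constructed ADC readings
    # Two constructed devices whose factory gains differ slightly from nominal.
    for name, gain, bias in [("A", NOMINAL_GAIN * 1.012, 0.004),
                             ("B", NOMINAL_GAIN * 0.991, -0.007)]:
        raw, rounded, noised = visible_steps(gain, bias, adc)
        print(f"device {name}: gain={gain:.6f} raw={raw:.6f} "
              f"rounded={rounded:.6f} noised={noised:.6f}")
```

A vendor-side regression test can assert the same property: after mitigation, the visible step must not vary with the device's factory gain.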
Source: https://sensorid.cl.cam.ac.uk