Phone accelerometer causes serious privacy threat - reveals unique fingerprint

A researcher from the University of Illinois has discovered that a mobile phone's accelerometer can be used to produce an unique fingerprint, allowing the phone to be tracked even if all other privacy settings are locked down. Fingerprinting through the sensors is possible because of small variations in each manufactured sensor. In a test researchers were able to recognize devices based on the fingerprint with a 96% accuracy.

myce-phone-fingerprint

ADVERTISEMENT

The researcher discovered how each accelerometer is different due imperfections in the manufacturing process.  Accelerometers consist of tiny bars of metal that move between other metal bars when the phone is moved. Movement causes a change in electrical capacitance and a phone uses the information to determine whether the phone is in landscape or portrait mode or uses the movement information for controlling games.

Due to the small differences capturing data from the sensor is enough to identify a single phone by it's 'unique sensor fingerprint'. For applications to use the accelerometer they don't need to ask for permission to a phone user  in contrary to obvious personal data revealing features like location, network access etc. etc. Nearly all mobile devices contain an accelerometer which means all modern mobile phones can be potentially tracked. The phone's operating system is not important, it's possible on Android, iOS, Windows Phone and other mobile operating systems.

The picture above shows how it's possible for an application to capture some sensor data and provide this to e.g. a third party like an advertising network. When multiple apps provide the same information, the advertising network is able to track the user by its unique sensor fingerprint. Based on that they are able to create a profile of the user and target advertisements without any permission and without the user being aware of being tracked.

ADVERTISEMENT

It's not the first time researchers discover how the accelerometer of a phone can be used to gather user data. When typing, a phone also makes movements due to an user pressing on the touchscreen. Researchers have demonstrated to be able to determine what users are typing based on that movement. The gather data could be used by hackers to steal sensitive data like credit card numbers and PIN codes.

No posts to display