In a world where companies are hungry for user data and are adopting different mechanisms to legally or illegally get hold of it, privacy is a big concern. Advertisers often use unique identifiers like MAC addresses and IMEI numbers to form a profile for you. A technique called ‘device fingerprinting’ is used to collect data from smartphones/computer for identification.
It is the reason why companies provide you with options to limit such permissions. However, Android and iOS devices are full of components that could be used for ‘profiling.’ In a study published by Cambridge University titled “SensorID: Sensor Calibration Fingerprinting for Smartphones,” researchers have found that a smartphone’s sensors can be used to track users by advertisers.
Sensor Calibration Fingerprinting
There are a host of sensors in smartphones like GPS, accelerometers, gyroscopes, magnetometers, microphones, cameras, barometers, ambient light sensors, proximity sensors, and several others.
Tracking users using sensors is not something new but it is the first time that researchers have managed to obtain a proof-of-concept. In the PoC, iOS devices using M-series motion coprocessors were found vulnerable to sensor calibration fingerprinting.
The research revealed that MEMS (Micro-Electro-Mechanical Systems) sensors are inaccurate in their output and this inaccuracy can be used to create a device fingerprint.
High-end smartphones like iPhones and Google Pixel 2 and 3 use a calibration process to compensate for the inaccuracy. If a hacker manages to know the level of compensation used to suppress the inaccuracy, he/she can, then, exploit it.
Apple was informed about how this vulnerability could be exploited and the iPhone maker company patched it in iOS 12.2. Google is yet to address the issue.
Most Android device manufacturers often skip the calibration because of its high cost. Therefore, iOS devices are more prone to calibration fingerprinting since hackers could know the calibration applied to compensate the inaccuracy.
There are many methods that hackers can use to track devices and now we know about one more technique that could be used against the privacy of users.