Sign up to our newsletter
The latest security news direct to your inbox
Most smartphones today contain an accelerometer – without them, the latest fitness apps don’t work – but a Stanford researcher has shown that the sensor can be used to “fingerprint” a device, or even track it. The information could easily be misused by rogue advertisers, he warned.
Each sensor is unique, and can be used to “fingerprint” a device, for targeted advertising or even tracking. The speakers and microphones in smartphones can be used in the same way.
Every accelerometer is different, Hristo Bojinov says, and merely using the device – he demonstrated this by turning over a Galaxy Nexus – gives out a unique set of numbers which can remotely identify the phone, according to an SFGate report.
Bojinov said he was concerned that the information may already be being used by unscrupulous advertisers.
“Code running on the website in the device’s mobile browser measured the tiniest defects in the device’s accelerometer—the sensor that detects movement – producing a unique set of numbers that advertisers could exploit to identify and track most smartphones,” Phys Org reported.
Malicious apps designed to deliver unwanted advertising are already common on Android – when cybercriminals “fool” users into downloading useless apps, the apps are often built to serve up adverts, as was the case with a fake BBM app earlier this year. If sensors in smartphones hand out identifying data, the devices could be an even more attractive target for advertising malware.
The speakers and microphones in smartphones can also “betray” devices, Bojinov says- giving out identifying information, which could be misused by advertisers or cybercriminals. Bojinov demonstrated how speakers and microphones could be used to “identify” phones by the unique way they play and record certain tones. Information Week said that Bojinov hoped that smartphone manufacturers might find a way of safeguarding such data.
“People need to consider the whole system when they think about privacy,” said Bojinov, saying that he would not be surprised if some advertisers had already discovered and used such techniques.
Author Rob Waugh, We Live Security