Smartphone sensors leave traceable fingerprints: Research

Smartphone fingerprints can become visible, if accelerometer data signals are analyzed in detail.

Researchers claim that smartphone sensors can leave real-time fingerprints unique to each individual device. The researchers focused primarily on the accelerometer sensors, that is essential for countless applications, including sleep monitoring, pedometers, mobile gaming and found that other sensors could leave equally unique fingerprints.

Research by Associate Professor Romit Roy Choudhury and graduate students Sanorita Dey and Nirupam Roy from the University of Illinois College of Engineering have demonstrated that these fingerprints exist within smartphone sensors, due to imperfections during the hardware manufacturing process.

"When you manufacture the hardware, the factory cannot produce the identical thing in millions. So these imperfections create fingerprints," said Associate Professor Romit Roy Choudhury.

According to the researchers, these fingerprints can become visible if the accelerometer data signals is scrutinized in detail. The researchers also stated that other sensors in the phone like the gyroscopes, magnetometers, microphones, cameras, and others could also share the same characteristic differences. So if someone wanted to perform this analysis, they could do so, the researchers claimed.

The study was conducted on more than 100 devices over a period of nine months on 80 standalone accelerometer chips, 25 Android devices and 2 tablets. The researchers were able to analyse the data with 96 percent accuracy and could discriminate one sensor from another.

"We do not need to know any other information about the phone – no phone number or SIM card number. Just by looking at the data, we can tell you which device it’s coming from. It’s almost like another identifier,” said Dey.

The researchers claim that in the real world, when a smartphone application does not have access to location information, but can be tracked through other means. The attacker could easily obtain the data through a chatting service or a game, or even by simply recording and sending accelerometer data.

To collect the data, the researchers - as with any would-be attacker - needed to sample the accelerometer data. The vibration of each accelerometer uses a single vibrator motor similar to the buzz when a text message is received in two-second intervals. The accelerometer detected the movement during those intervals and the readings were transmitted to a supervised-learning tool, which decoded the fingerprint.

"Even if you erase the app in the phone, or even erase and reinstall all software, the fingerprint still stays inherent. That's a serious threat," Roy said. The researchers suggest that smartphone users, e-book readers, smartwatch wearers and tablet users should be more vigilant while sharing their data with anyone.

Dey warns, "Don't share your accelerometer data without thinking about how legitimate or how secure that application is. Even if it's using only the sensor data, still it can attack you in some way. The consumer should be aware."

The research was published at the Network and Distributed System Security Symposium (NDSS) and has won the best poster award at the HotMobile international workshop in 2013.