Smartphone sensors leave traceable fingerprints: Research
Smartphone fingerprints can become visible, if accelerometer data signals are analyzed in detail.
Researchers claim that smartphone
sensors can leave real-time fingerprints unique to each individual
device. The researchers focused primarily on the accelerometer sensors,
that is essential for countless applications, including sleep
monitoring, pedometers, mobile gaming and found that other sensors could
leave equally unique fingerprints.
Research by Associate Professor Romit
Roy Choudhury and graduate students Sanorita Dey and Nirupam Roy from
the University of Illinois College of Engineering have demonstrated that
these fingerprints exist within smartphone sensors, due to
imperfections during the hardware manufacturing process.
"When you manufacture the hardware, the
factory cannot produce the identical thing in millions. So these
imperfections create fingerprints," said Associate Professor Romit Roy
Choudhury.
According to the researchers, these
fingerprints can become visible if the accelerometer data signals is
scrutinized in detail. The researchers also stated that other sensors in
the phone like the gyroscopes, magnetometers, microphones, cameras, and
others could also share the same characteristic differences. So if
someone wanted to perform this analysis, they could do so, the
researchers claimed.
The study was conducted on more than 100
devices over a period of nine months on 80 standalone accelerometer
chips, 25 Android devices and 2 tablets. The researchers were able to
analyse the data with 96 percent accuracy and could discriminate one
sensor from another.
"We do not need to know any other
information about the phone – no phone number or SIM card number. Just
by looking at the data, we can tell you which device it’s coming from.
It’s almost like another identifier,” said Dey.
The researchers claim that in the real
world, when a smartphone application does not have access to location
information, but can be tracked through other means. The attacker could
easily obtain the data through a chatting service or a game, or even by
simply recording and sending accelerometer data.
To collect the data, the researchers -
as with any would-be attacker - needed to sample the accelerometer data.
The vibration of each accelerometer uses a single vibrator motor
similar to the buzz when a text message is received in two-second
intervals. The accelerometer detected the movement during those
intervals and the readings were transmitted to a supervised-learning
tool, which decoded the fingerprint.
"Even if you erase the app in the phone,
or even erase and reinstall all software, the fingerprint still stays
inherent. That's a serious threat," Roy said. The researchers suggest
that smartphone users, e-book readers, smartwatch wearers and tablet
users should be more vigilant while sharing their data with anyone.
Dey warns, "Don't share your
accelerometer data without thinking about how legitimate or how secure
that application is. Even if it's using only the sensor data, still it
can attack you in some way. The consumer should be aware."
The research was published at the
Network and Distributed System Security Symposium (NDSS) and has won the
best poster award at the HotMobile international workshop in 2013.
No comments: