Sensor errors allow you to compare an individual “fingerprint” with each smartphone

    Opportunities for tracking Internet users are not limited to cookies and logs of the provider or network operator. Any site can easily access information about browser versions and client OSs, installed plugins, screen resolution, and so on. The totality of this information makes it possible to recognize a specific client from millions of others. For smartphones, this problem is even more acute - the characteristics of their iron are much richer due to the large number of sensors - microphones, cameras, accelerometers, gyroscopes, magnetometers.

    Hristo Bozhinov from Stanford University demonstratedthat the microscopic differences in the readings of the accelerometer of the smartphone are quite individual and can distinguish it from thousands of others. Moreover, these indications may be available to any site on the Internet. To test the concept and collect statistics, Bozhinov created the site sensor-id.com , by accessing which from a smartphone, you can find out if your accelerometer data is available for JavaScript, and if so, how individual your smartphone is. According to Bozhinov, it is possible to distinguish an individual “fingerprint” of a sensor even from a very noisy signal, for example, while a smartphone is hanging in your pocket.

    image
    Differences in readings of accelerometers at rest for 16 smartphones

    This is not the only way to get an individual “imprint” of the device. The same individual characteristics are inherent in other sensors. For example, a microphone. By playing the test sound through the speakers of the phone and recording it on a microphone, you can get the amplitude-frequency response of the analog path of the phone. True, this method is not as secretive as the first. Although individually these “fingerprints” do not make it possible to confidently recognize a smartphone among many millions, when used together, as well as using all other available channels, both software and hardware, it is possible to achieve almost one hundred percent correct recognition without any cookies, MAC- addresses or IMEI.

    This is not the first time that the abundance of sensors is alarming for security professionals. So, it has already been shownthat by analyzing the micromotion sequence of the smartphone in your hand when typing a pin code on the screen, you can achieve the correct code recognition in more than 70% of cases. A similar result can be achieved based on the image from the camera. And scientists from the Dresden Technical University have recently developed a way to obtain the individual characteristics of the radio channel of any GSM phone, and the method is completely passive, which means it is untraceable and non-disconnectable. An article by Hristo Bozhinov et al on individual fingerprints of smartphone sensors will be officially published next year.


    Also popular now: