Mobile Technology

Smartphone sensor "fingerprints" could be used to track individual devices

View 3 Images
The tiny imperfections in each smartphone's sensors leave a unique fingerprint in its shared data (Image: Shutterstock)
The tiny imperfections in each smartphone's sensors leave a unique fingerprint in its shared data (Image: Shutterstock)
An example of how a phone's fingerprint could be used to track its user
The researchers' accelerometer-testing setup
View gallery - 3 images

Security-conscious smartphone users may decline apps' requests to "use your current location," but according to research conducted at the University of Illinois, doing so still doesn't mean that those users can't be tracked. This is because each phone's sensors – such as the accelerometer – have a unique "fingerprint." By identifying that fingerprint in sensor data sent from the phone, third parties could at the very least keep track of what the user is doing at what time.

As described by the university, smartphone sensors are sort of like sugar cookies made with the same dinosaur-shaped cookie cutter. Although all of the cookies may look like the same dinosaur on first glance, each one is going to have its own tiny unique imperfections. In the case of the sensors, those imperfections leave the one-of-a-kind fingerprint in the gathered data. Although that fingerprint isn't readily apparent to casual users of the data, it can be found by people who are looking for it.

The researchers arrived at their conclusion by testing 80 standalone accelerometer chips, along with the accelerometers in 25 Android phones and two tablets. They used a vibrator motor like those found in most smartphones, to vibrate all of the accelerometers. By analyzing the resulting accelerometer readings, a fingerprint was established for each unit. When those fingerprints were sought out in subsequent readings, it was possible to identify the originating device with 96 percent accuracy.

The researchers' accelerometer-testing setup

This means that conceivably, attackers could access a phone's accelerometer fingerprint simply through app functions that activate its vibrator. Even if the accelerometer were taken out of the equation, other sensors such as the camera, microphone or gyroscope likely also bear their own fingerprints. According to the researchers, by combining all of those identifiers, it would be possible to track a user with even greater accuracy.

Although actual GPS data couldn't necessarily be accessed, a user's approximate whereabouts could likely be obtained based on the sort of apps that they were identified as using – a navigation app would indicate that they were in transit, for instance, while a fitness app might suggest that they were at the gym. None of this would be a problem if raw sensor data were processed onboard the phone, with only basic information being shared. Unfortunately, however, doing so would place a large workload on the processor, and diminish the battery life.

The research was conducted by associate professor Romit Roy Choudhury and graduate students Sanorita Dey and Nirupam Roy. No particular solution has been put forth at this point, other than the suggestion that users not share sensor data with an app before considering how legitimate or secure it is.

Source: University of Illinois

View gallery - 3 images
  • Facebook
  • Twitter
  • Flipboard
  • LinkedIn
2 comments
Nairda
I guess on some level you have to create a list of your phone's desirable functions and consider what you can do without.
My biggest concern in this space is if a photo/video app anonymously collects and forwards thumbnail size copies of the images I take. A lot of people take family pics which they never intent to place on any online space. To this end any app that requests access to my photo library gets its internet link cut off.
Stephen N Russell
Nice to have fingerprint to allow acess, dont like it to have someone track me & device around Unless I have VIP Exec Security etc alone Otherwise Invasion of Privacy.