Data from routines intended to calibrate motion sensors can identify individual iOS and Android devices in a newly released exploit.
Attackers can use some of the mechanisms around sensors in smartphones to track devices around the Internet with no special permissions or escalations required, according to researchers.
SensorID – the name researchers Jiexin Zhang, Alastair R. Beresford, and Ian Sheret have given the sensor calibration fingerprinting exploit (designated CVE-2019-8541) – was discovered in smartphones running iOS and Android. In essence, the exploit takes advantage of routines that calibrate gyroscope and magnetometer sensors on iOS, and accelerometer, gyroscope, and magnetometer sensors on Android, to infer and access information that can identify the individual device and couple that "fingerprint" with tracking cookies and other software to accurately track the device through its online travels.
Because of the way devices are calibrated at the factory, iOS systems are considered somewhat more vulnerable to the exploit than Android devices. Apple patched the vulnerability in iOS 12.2, released in March, while Google has yet to patch the issue in Android.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024