Mobile Exploit Fingerprints Devices with Sensor Calibration Data
Data from routines intended to calibrate motion sensors can identify individual iOS and Android devices in a newly released exploit.
Attackers can use some of the mechanisms around sensors in smartphones to track devices around the Internet with no special permissions or escalations required, according to researchers.
SensorID – the name researchers Jiexin Zhang, Alastair R. Beresford, and Ian Sheret have given the sensor calibration fingerprinting exploit (designated CVE-2019-8541) – was discovered in smartphones running iOS and Android. In essence, the exploit takes advantage of routines that calibrate gyroscope and magnetometer sensors on iOS, and accelerometer, gyroscope, and magnetometer sensors on Android, to infer and access information that can identify the individual device and couple that "fingerprint" with tracking cookies and other software to accurately track the device through its online travels.
Because of the way devices are calibrated at the factory, iOS systems are considered somewhat more vulnerable to the exploit than Android devices. Apple patched the vulnerability in iOS 12.2, released in March, while Google has yet to patch the issue in Android.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024