Accelerometer in phone has tracking potential, researchers find

Oct 14, 2013 by Nancy Owano report

(Phys.org) —The smartphone's paths to security vulnerability continue to capture the attention of security researchers. Currently, the focus is turning to the rise in sensors being designed into smartphones, and their potential role in breach of privacy. Researchers want to learn more about how data-producing sensors may raise security risks, and a recent finding turns its focus on accelerometers. A team at Stanford discovers that an accelerometer can help identify the smartphone in seconds. According to a detailed account of the research in SFGate, the discovery involves a Stanford University research team who last year set out to test if devices could be identified via various smartphone sensors. Hristo Bojinov, a PhD candidate in computer science and part of the group, said the intent was to raise awareness among device makers, designers and policy professionals how sensors might be an avenue for tracking. They did find flaws in phone sensors which, potentially, advertisers could exploit.

"Code running on the website in the device's mobile browser measured the tiniest defects in the device's accelerometer—the sensor that detects movement—producing a unique set of numbers that advertisers could exploit to identify and track most smartphones," said the report.

Ad tracking and privacy will continue to be a point of research, discussion and debate as companies pursue customer data in order to target ads and special offers. Cookies have served as a popular way for marketers to understand user actions and target ads accordingly. Product and service promoters could use the ID approach the same way they use cookies to monitor user online actions and target ads. What is worrisome about accelerometer-fed information is that there would be no user control. The data could not be allowed or denied by the user.

As for research, this would not be the first research attempt to look at the security aspects of accelerometers in smartphones. In 2010, a paper by researchers from Georgia Institute of Technology, University of Houston, University of Puerto Rico and Franklin W. Olin College of Engineering titled "Detecting User Activities Using the Accelerometer on Android Smartphones," made a similar point.

"Accelerometers can be used to detect movement and the rate of change of the speed of movement...the use of accelerometers in Android applications does not require the application to have permission to use it. Therefore, it is possible for an application to collect a user's accelerometer data without the user's knowledge. With accelerometer data and the use of a server to collect the information, it is a fairly simple task for someone to gain a user's personal information, their location, or to figure out what a user is doing or typing."

In 2012, a paper titled "Practicality of Accelerometer Side Channels on Smartphones" by researchers from the University of Pennsylvania reported that by analyzing data gathered by they were able to get a good idea of the Pin or pattern used to protect a phone. "In this paper, we show that the accelerometer sensor can also be employed as a high-bandwidth side channel; particularly, we demonstrate how to use the to learn user tap and gesture-based input as required to unlock smartphones using a PIN/password or Android's graphical password pattern."

What is noteworthy about findings from Bojinov and colleagues is that it was not only the accelerometer that could generate data for tracking. They also called attention to the microphone and speaker, where they were able to produce a unique "frequency response curve," based on how devices play and record a common set of frequencies. The researchers are to publish their results in the coming months.

Explore further: Tiny sensor used in smart phones could create urban seismic network

More information: blog.sfgate.com/techchron/2013… hrough-sensor-flaws/

Related Stories

Stealth game steals info from Android sensors

Apr 24, 2012

(Phys.org) -- No joke. A proof-of-concept application for phones running Android pretends to be a fun challenge asking the user to identify identical icons from a bunch of images. All the while the app monitors ...

openPDS software focuses on control of personal data

Oct 07, 2013

(Phys.org) —Regarded as a building block for the personal data ecosystem, open PDS has arrived. As Thomas Hardjono, technical lead of the MIT Consortium for Kerberos and Internet Trust commented in New Sc ...

Recommended for you

Tokyo Game Show: On the hunt for the next Minecraft

13 hours ago

The staggering $2.5 billion that Microsoft has just shelled out for Minecraft and its quirky graphics will be foremost in developers' minds at the Tokyo Game Show this week, where simple yet immersive games ...

Better non-functional security tests for software

Sep 15, 2014

The integration of digital expert knowledge and automation of risk analyses can greatly improve software test procedures and make cloud computing more secure. This is shown by the latest results of a project ...

'Grand Theft Auto V' to hit PS4 and Xbox One

Sep 12, 2014

Rockstar Games on Friday announced that the latest installment of its crime-themed blockbuster video game "Grand Theft Auto" will hit PlayStation 4 and Xbox One consoles in November.

User comments : 0