Accelerometer in phone has tracking potential, researchers find

Oct 14, 2013 by Nancy Owano report

(Phys.org) —The smartphone's paths to security vulnerability continue to capture the attention of security researchers. Currently, the focus is turning to the rise in sensors being designed into smartphones, and their potential role in breach of privacy. Researchers want to learn more about how data-producing sensors may raise security risks, and a recent finding turns its focus on accelerometers. A team at Stanford discovers that an accelerometer can help identify the smartphone in seconds. According to a detailed account of the research in SFGate, the discovery involves a Stanford University research team who last year set out to test if devices could be identified via various smartphone sensors. Hristo Bojinov, a PhD candidate in computer science and part of the group, said the intent was to raise awareness among device makers, designers and policy professionals how sensors might be an avenue for tracking. They did find flaws in phone sensors which, potentially, advertisers could exploit.

"Code running on the website in the device's mobile browser measured the tiniest defects in the device's accelerometer—the sensor that detects movement—producing a unique set of numbers that advertisers could exploit to identify and track most smartphones," said the report.

Ad tracking and privacy will continue to be a point of research, discussion and debate as companies pursue customer data in order to target ads and special offers. Cookies have served as a popular way for marketers to understand user actions and target ads accordingly. Product and service promoters could use the ID approach the same way they use cookies to monitor user online actions and target ads. What is worrisome about accelerometer-fed information is that there would be no user control. The data could not be allowed or denied by the user.

As for research, this would not be the first research attempt to look at the security aspects of accelerometers in smartphones. In 2010, a paper by researchers from Georgia Institute of Technology, University of Houston, University of Puerto Rico and Franklin W. Olin College of Engineering titled "Detecting User Activities Using the Accelerometer on Android Smartphones," made a similar point.

"Accelerometers can be used to detect movement and the rate of change of the speed of movement...the use of accelerometers in Android applications does not require the application to have permission to use it. Therefore, it is possible for an application to collect a user's accelerometer data without the user's knowledge. With accelerometer data and the use of a server to collect the information, it is a fairly simple task for someone to gain a user's personal information, their location, or to figure out what a user is doing or typing."

In 2012, a paper titled "Practicality of Accelerometer Side Channels on Smartphones" by researchers from the University of Pennsylvania reported that by analyzing data gathered by they were able to get a good idea of the Pin or pattern used to protect a phone. "In this paper, we show that the accelerometer sensor can also be employed as a high-bandwidth side channel; particularly, we demonstrate how to use the to learn user tap and gesture-based input as required to unlock smartphones using a PIN/password or Android's graphical password pattern."

What is noteworthy about findings from Bojinov and colleagues is that it was not only the accelerometer that could generate data for tracking. They also called attention to the microphone and speaker, where they were able to produce a unique "frequency response curve," based on how devices play and record a common set of frequencies. The researchers are to publish their results in the coming months.

Explore further: Many docs believe mobile health apps can improve patient care

More information: blog.sfgate.com/techchron/2013… hrough-sensor-flaws/

Related Stories

Stealth game steals info from Android sensors

Apr 24, 2012

(Phys.org) -- No joke. A proof-of-concept application for phones running Android pretends to be a fun challenge asking the user to identify identical icons from a bunch of images. All the while the app monitors ...

openPDS software focuses on control of personal data

Oct 07, 2013

(Phys.org) —Regarded as a building block for the personal data ecosystem, open PDS has arrived. As Thomas Hardjono, technical lead of the MIT Consortium for Kerberos and Internet Trust commented in New Sc ...

Recommended for you

Apple sees iCloud attacks; China hack reported

46 minutes ago

Apple said Tuesday its iCloud server has been the target of "intermittent" attacks, hours after a security blog said Chinese authorities had been trying to hack into the system.

HP supercomputer at NREL garners top honor

3 hours ago

A supercomputer created by Hewlett-Packard (HP) and the Energy Department's National Renewable Energy Laboratory (NREL) that uses warm water to cool its servers, and then re-uses that water to heat its building, has been ...

Turner channels removed from Dish amid pact spat

3 hours ago

Channels such as Cartoon Network and CNN are no longer part of Dish's programming lineup as a deadline has passed for the satellite TV provider and Turner Broadcasting to renew their distribution agreement.

User comments : 0