Accelerometer in phone has tracking potential, researchers find

Oct 14, 2013 by Nancy Owano report

(Phys.org) —The smartphone's paths to security vulnerability continue to capture the attention of security researchers. Currently, the focus is turning to the rise in sensors being designed into smartphones, and their potential role in breach of privacy. Researchers want to learn more about how data-producing sensors may raise security risks, and a recent finding turns its focus on accelerometers. A team at Stanford discovers that an accelerometer can help identify the smartphone in seconds. According to a detailed account of the research in SFGate, the discovery involves a Stanford University research team who last year set out to test if devices could be identified via various smartphone sensors. Hristo Bojinov, a PhD candidate in computer science and part of the group, said the intent was to raise awareness among device makers, designers and policy professionals how sensors might be an avenue for tracking. They did find flaws in phone sensors which, potentially, advertisers could exploit.

"Code running on the website in the device's mobile browser measured the tiniest defects in the device's accelerometer—the sensor that detects movement—producing a unique set of numbers that advertisers could exploit to identify and track most smartphones," said the report.

Ad tracking and privacy will continue to be a point of research, discussion and debate as companies pursue customer data in order to target ads and special offers. Cookies have served as a popular way for marketers to understand user actions and target ads accordingly. Product and service promoters could use the ID approach the same way they use cookies to monitor user online actions and target ads. What is worrisome about accelerometer-fed information is that there would be no user control. The data could not be allowed or denied by the user.

As for research, this would not be the first research attempt to look at the security aspects of accelerometers in smartphones. In 2010, a paper by researchers from Georgia Institute of Technology, University of Houston, University of Puerto Rico and Franklin W. Olin College of Engineering titled "Detecting User Activities Using the Accelerometer on Android Smartphones," made a similar point.

"Accelerometers can be used to detect movement and the rate of change of the speed of movement...the use of accelerometers in Android applications does not require the application to have permission to use it. Therefore, it is possible for an application to collect a user's accelerometer data without the user's knowledge. With accelerometer data and the use of a server to collect the information, it is a fairly simple task for someone to gain a user's personal information, their location, or to figure out what a user is doing or typing."

In 2012, a paper titled "Practicality of Accelerometer Side Channels on Smartphones" by researchers from the University of Pennsylvania reported that by analyzing data gathered by they were able to get a good idea of the Pin or pattern used to protect a phone. "In this paper, we show that the accelerometer sensor can also be employed as a high-bandwidth side channel; particularly, we demonstrate how to use the to learn user tap and gesture-based input as required to unlock smartphones using a PIN/password or Android's graphical password pattern."

What is noteworthy about findings from Bojinov and colleagues is that it was not only the accelerometer that could generate data for tracking. They also called attention to the microphone and speaker, where they were able to produce a unique "frequency response curve," based on how devices play and record a common set of frequencies. The researchers are to publish their results in the coming months.

Explore further: Tiny sensor used in smart phones could create urban seismic network

More information: blog.sfgate.com/techchron/2013/10/10/stanford-researchers-discover-alarming-method-for-phone-tracking-fingerprinting-through-sensor-flaws/

Related Stories

Stealth game steals info from Android sensors

Apr 24, 2012

(Phys.org) -- No joke. A proof-of-concept application for phones running Android pretends to be a fun challenge asking the user to identify identical icons from a bunch of images. All the while the app monitors ...

openPDS software focuses on control of personal data

Oct 07, 2013

(Phys.org) —Regarded as a building block for the personal data ecosystem, open PDS has arrived. As Thomas Hardjono, technical lead of the MIT Consortium for Kerberos and Internet Trust commented in New Sc ...

Recommended for you

Microsoft expands ad-free Bing search for schools

Apr 23, 2014

Microsoft is expanding a program that gives schools the ability to prevent ads from appearing in search results when they use its Bing search engine. The program, launched in a pilot program earlier this year, is now available ...

Growing app industry has developers racing to keep up

Apr 20, 2014

Smartphone application developers say they are challenged by the glut of apps as well as the need to update their software to keep up with evolving phone technology, making creative pricing strategies essential to finding ...

Android gains in US, basic phones almost extinct

Apr 18, 2014

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

Hackathon team's GoogolPlex gives Siri extra powers

Apr 17, 2014

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

User comments : 0

More news stories

SK Hynix posts Q1 surge in net profit

South Korea's SK Hynix Inc said Thursday its first-quarter net profit surged nearly 350 percent from the previous year on a spike in sales of PC memory chips.

FCC to propose pay-for-priority Internet standards

The Federal Communications Commission is set to propose new open Internet rules that would allow content companies to pay for faster delivery over the so-called "last mile" connection to people's homes.

Brazil enacts Internet 'Bill of Rights'

Brazil's president signed into law on Wednesday a "Bill of Rights" for the digital age that aims to protect online privacy and promote the Internet as a public utility by barring telecommunications companies ...

Is nuclear power the only way to avoid geoengineering?

"I think one can argue that if we were to follow a strong nuclear energy pathway—as well as doing everything else that we can—then we can solve the climate problem without doing geoengineering." So says Tom Wigley, one ...

When things get glassy, molecules go fractal

Colorful church windows, beads on a necklace and many of our favorite plastics share something in common—they all belong to a state of matter known as glasses. School children learn the difference between ...

FDA proposes first regulations for e-cigarettes

The federal government wants to prohibit sales of electronic cigarettes to minors and require approval for new products and health warning labels under regulations being proposed by the Food and Drug Administration.