October 14, 2013 report
Accelerometer in phone has tracking potential, researchers find
(Phys.org) —The smartphone's paths to security vulnerability continue to capture the attention of security researchers. Currently, the focus is turning to the rise in sensors being designed into smartphones, and their potential role in breach of privacy. Researchers want to learn more about how data-producing sensors may raise security risks, and a recent finding turns its focus on accelerometers. A team at Stanford discovers that an accelerometer can help identify the smartphone in seconds. According to a detailed account of the research in SFGate, the discovery involves a Stanford University research team who last year set out to test if devices could be identified via various smartphone sensors. Hristo Bojinov, a PhD candidate in computer science and part of the group, said the intent was to raise awareness among device makers, designers and policy professionals how sensors might be an avenue for tracking. They did find flaws in phone sensors which, potentially, advertisers could exploit.
"Code running on the website in the device's mobile browser measured the tiniest defects in the device's accelerometer—the sensor that detects movement—producing a unique set of numbers that advertisers could exploit to identify and track most smartphones," said the report.
As for research, this would not be the first research attempt to look at the security aspects of accelerometers in smartphones. In 2010, a paper by researchers from Georgia Institute of Technology, University of Houston, University of Puerto Rico and Franklin W. Olin College of Engineering titled "Detecting User Activities Using the Accelerometer on Android Smartphones," made a similar point.
"Accelerometers can be used to detect movement and the rate of change of the speed of movement...the use of accelerometers in Android applications does not require the application to have permission to use it. Therefore, it is possible for an application to collect a user's accelerometer data without the user's knowledge. With accelerometer data and the use of a server to collect the information, it is a fairly simple task for someone to gain a user's personal information, their location, or to figure out what a user is doing or typing."
In 2012, a paper titled "Practicality of Accelerometer Side Channels on Smartphones" by researchers from the University of Pennsylvania reported that by analyzing data gathered by accelerometers they were able to get a good idea of the Pin or pattern used to protect a phone. "In this paper, we show that the accelerometer sensor can also be employed as a high-bandwidth side channel; particularly, we demonstrate how to use the accelerometer sensor to learn user tap and gesture-based input as required to unlock smartphones using a PIN/password or Android's graphical password pattern."
What is noteworthy about findings from Bojinov and colleagues is that it was not only the accelerometer that could generate data for tracking. They also called attention to the microphone and speaker, where they were able to produce a unique "frequency response curve," based on how devices play and record a common set of frequencies. The researchers are to publish their results in the coming months.
© 2013 Phys.org