Computer scientists have devised a technique that could one day allow advertisers or law enforcement organizations to surreptitiously fingerprint smartphones.
The attack, recently unveiled by a team of researchers from Stanford University, could be attractive because it works against virtually any smartphone equipped with an "accelerometer." That's the sensor that determines the tilt a person is using to orient a smartphone and shifts the display to either landscape or vertical, accordingly. No special apps or permissions are required beyond a standard browser running with default settings. The technique leaves no browser cookies or other files on the device disk, making it hard for end users to detect using any security or privacy software available today.
The technique works when a smartphone visits a website that hosts JavaScript code that queries the accelerometer for its orientation. This proof of concept site requires the phone to be held face up on a flat surface and a few moments later for it to be tapped and then turned face down. While the z coordinates measured by the sensor should in theory measure -1 and 1 respectively, most smartphones inevitably report miniscule variations—0.71217 and 0.99324 for example on a test device, rounded down for purposes of anonymity. The precise coordinates, according to the site, were unique among 5,000 records.
Read 3 remaining paragraphs | Comments