Fingerprinting iPhones

2019-05-22T11:24:21
ID SCHNEIER:9368233682027BE455AFE673D1495990
Type schneier
Reporter Bruce Schneier
Modified 2019-05-22T11:24:21

Description

This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors.

> We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint. Overall, our attack has the following advantages: > > * The attack can be launched by any website you visit or any app you use on a vulnerable device without requiring any explicit confirmation or consent from you. > * The attack takes less than one second to generate a fingerprint. > * The attack can generate a globally unique fingerprint for iOS devices. > * The calibration fingerprint never changes, even after a factory reset. > * The attack provides an effective means to track you as you browse across the web and move between apps on your phone. > > * Following our disclosure, Apple has patched this vulnerability in iOS 12.2.

Research paper.