Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
schneierBruce SchneierSCHNEIER:9368233682027BE455AFE673D1495990
HistoryMay 22, 2019 - 11:24 a.m.

Fingerprinting iPhones

2019-05-2211:24:21
Bruce Schneier
www.schneier.com
114
JSON

This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors.

> We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint. Overall, our attack has the following advantages:
>
> * The attack can be launched by any website you visit or any app you use on a vulnerable device without requiring any explicit confirmation or consent from you.
> * The attack takes less than one second to generate a fingerprint.
> * The attack can generate a globally unique fingerprint for iOS devices.
> * The calibration fingerprint never changes, even after a factory reset.
> * The attack provides an effective means to track you as you browse across the web and move between apps on your phone.
>
> * Following our disclosure, Apple has patched this vulnerability in iOS 12.2.

Research paper.

JSON