Featured Research

from universities, journals, and other organizations

Smartphone sensors leave trackable fingerprints

Date:
April 28, 2014
Source:
University of Illinois College of Engineering
Summary:
Research has demonstrated that smartphone sensors -- not just the ones meant to track your location -- can leave real-time fingerprints unique to each individual device.

Example demonstrating how accelerometer data shared with separate traffic and health applications could indicate Bob's location.
Credit: Image courtesy of University of Illinois College of Engineering

Fingerprints -- those swirling residues left on keyboards and doorknobs -- are mostly invisible. They can affirm your onetime presence, but they cannot be used to track your day-to-day activities.

They cannot tell someone in real time that after exercising at the gym, you went to office in a bus and played video games during lunch. But what if our hand-held electronics are leaving real-time fingerprints instead? Fingerprints that are so intrinsic to the device that, like our own, they cannot be removed?

Research by Associate Professor Romit Roy Choudhury and graduate students Sanorita Dey and Nirupam Roy has demonstrated that these fingerprints exist within smartphone sensors, mainly because of imperfections during the hardware manufacturing process.

In some ways, it's like cutting out sugar cookies. Even using the same dinosaur-shaped cutter, each cookie will come out slightly different: a blemish here, a pock there. For smartphone sensors, these imperfections simply occur at the micro- or nanoscale.

Their findings were published at the Network and Distributed System Security Symposium (NDSS), a major conference on wireless and web security, held last February in San Diego. The research also won the best poster award at the HotMobile international workshop in 2013.

The researchers focused specifically on the accelerometer, a sensor that tracks three-dimensional movements of the phone -- essential for countless applications, including pedometers, sleep monitoring, mobile gaming -- but their findings suggest that other sensors could leave equally unique fingerprints.

"When you manufacture the hardware, the factory cannot produce the identical thing in millions," Roy said. "So these imperfections create fingerprints."

Of course, these fingerprints are only visible when accelerometer data signals are analyzed in detail. Most applications do not require this level of analysis, yet the data shared with all applications -- your favorite game, your pedometer -- bear the mark. Should someone want to perform this analysis, they could do so.

The researchers tested more than 100 devices over the course of nine months: 80 standalone accelerometer chips used in popular smartphones, 25 Android phones, and 2 tablets.

The accelerometers in all permutations were selected from different manufacturers, to ensure that the fingerprints weren't simply defects resulting from a particular production line.

With 96 percent accuracy, the researchers could discriminate one sensor from another.

"We do not need to know any other information about the phone -- no phone number or SIM card number," Dey said. "Just by looking at the data, we can tell you which device it's coming from. It's almost like another identifier."

In the real world, this suggests that even when a smartphone application doesn't have access to location information (by asking "this application would like to use your current location"), there are other means of identifying the user's activities. It could be obtained with an innocuous-seeming game or chatting service, simply by recording and sending accelerometer data. There are no regulations mandating consent.

To collect the data, the researchers -- as with any would-be attacker -- needed to sample the accelerometer data. Each accelerometer was vibrated using a single vibrator motor -- like those that buzz when a text message is received -- for two-second intervals. During those periods, the accelerometer detected the movement and the readings were transmitted to a supervised-learning tool, which decoded the fingerprint.

"Even if you erase the app in the phone, or even erase and reinstall all software," Roy said, "the fingerprint still stays inherent. That's a serious threat."

At this point, however, there is no absolute solution. Smartphone cases made of rubber or plastic do little to mask the signal. Deliberately injecting white noise in the sensor data can smudge the fingerprint, but such noise can also affect the operation of the application, making your pedometer inaccurate and functionally useless.

If accelerometer data were processed directly on the phone or tablet, rather than on the cloud, the fingerprint could be scrubbed before sending information to the application.

That is, the pedometer application might only receive basic information like "300 steps taken," rather than receiving the raw accelerometer data. This, however, imposes a load on the phone's processor and, more importantly, reduces the phone's battery life.

The research also suggests that other sensors in the phone -- gyroscopes, magnetometers, microphones, cameras, and so forth -- could possess the same types of idiosyncratic differences. So even if, at a large scale, the accuracy of accelerometer fingerprints diminishes, when combined with prints from other sensors, an attack could be even more precise.

"Imagine that your right hand fingerprint, by some chance, matches with mine," Roy Choudhury said. "But your left-hand fingerprint also matching with mine is extremely unlikely. So even if accelerometers don't have unique fingerprints across millions of devices, we believe that by combining with other sensors such as the gyroscope, it might still be possible to track a particular device over time and space."

For smartphone users and e-book readers, smartwatch wearers and tablet devotees, perhaps the most critical take-home message, in the short run anyway, is the importance of vigilance.

"Don't share your accelerometer data without thinking about how legitimate or how secure that application is," Dey said. "Even if it's using only the sensor data, still it can attack you in some way. The consumer should be aware."


Story Source:

The above story is based on materials provided by University of Illinois College of Engineering. Note: Materials may be edited for content and length.


Cite This Page:

University of Illinois College of Engineering. "Smartphone sensors leave trackable fingerprints." ScienceDaily. ScienceDaily, 28 April 2014. <www.sciencedaily.com/releases/2014/04/140428121433.htm>.
University of Illinois College of Engineering. (2014, April 28). Smartphone sensors leave trackable fingerprints. ScienceDaily. Retrieved September 23, 2014 from www.sciencedaily.com/releases/2014/04/140428121433.htm
University of Illinois College of Engineering. "Smartphone sensors leave trackable fingerprints." ScienceDaily. www.sciencedaily.com/releases/2014/04/140428121433.htm (accessed September 23, 2014).

Share This



More Matter & Energy News

Tuesday, September 23, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Will Living Glue Be A Thing?

Will Living Glue Be A Thing?

Newsy (Sep. 23, 2014) Using proteins derived from mussels, engineers at MIT have made a supersticky underwater adhesive. They're now looking to make "living glue." Video provided by Newsy
Powered by NewsLook.com
Company Copies Keys From Photos

Company Copies Keys From Photos

Newsy (Sep. 22, 2014) A new company allows customers to make copies of keys by simply uploading a couple of photos. But could it also be great for thieves? Video provided by Newsy
Powered by NewsLook.com
The Hyped-Up Big Bang Discovery Has A Dust Problem

The Hyped-Up Big Bang Discovery Has A Dust Problem

Newsy (Sep. 22, 2014) An analysis of new satellite data casts serious doubt on a previous study about the Big Bang that was once hailed as revolutionary. Video provided by Newsy
Powered by NewsLook.com
Rockefeller Oil Heirs Switching To Clean Energy

Rockefeller Oil Heirs Switching To Clean Energy

Newsy (Sep. 22, 2014) The Rockefellers — heirs to an oil fortune that made the family name a symbol of American wealth — are switching from fossil fuels to clean energy. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins