Sensor Calibration Attack Threatens Smartphone Users

Heads up, smartphone users! A new attack method has surfaced online that can meddle with your Android device or iPhone. According to researchers, this sensor calibration attack can monitor your device's activities across the internet.

Sensor Calibration Attack – Risk To Most Smartphones

A team of researchers from the Computer Laboratory, University of Cambridge, has devised a new attack method threatening smartphones. Termed ‘SensorID’, the method is robust enough to track the online activities of most Android and iOS devices.

The sensor calibration attack works by reading sensor data that websites and apps can access without any permissions.

Explaining their findings, the researchers stated on the dedicated SensorID web page,

We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint.

The researchers presented their findings at the IEEE Symposium on Security and Privacy 2019 (IEEE S&P’19) and have shared the details in a separate research paper. Regarding the sensitivity of this attack method, they stated in their Talk Preview,

Calibration fingerprinting attack is easy to conduct by a website or an app in under 1 second, requires no special permissions, does not require user interaction.

SensorID tracks calibration details from iOS devices’ gyroscope and magnetometer sensors, and the accelerometer sensors on Android phones.

Android Users More Vulnerable

The sensor calibration attack affects both iOS and Android smartphones. However, iOS users remain relatively less prone to these attacks since Apple calibrates these devices at factory settings. Moreover, every iOS device has unique calibration data.

On the contrary, Android devices are more vulnerable since very few Android makers practice per-device calibration on the factory line, owing to the procedure’s high cost and complexity.

Users can check the vulnerability status of their devices via the following link.

Fortunately, Apple has patched the vulnerability (CVE-2019-8541) with the release of iOS 12.2. So, iOS users can simply update their devices to stay protected. However, Android users remain prone to these attacks.

As a possible mitigation, the researchers advise,

To mitigate this calibration fingerprint attack, vendors can add uniformly distributed random noise to ADC outputs before calibration is applied. Alternatively, vendors could round the sensor outputs to the nearest multiple of the nominal gain.

Since all major browsers (Chrome, Safari, Firefox, and Opera), including private browsers such as Brave and Firefox Focus, remain vulnerable to calibration fingerprinting, the researchers recommend that browser vendors add features that disable JavaScript access to motion sensors. This will help protect devices from attacks via websites.
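The two vendor-side mitigations quoted above can be compared in a small simulation. This is an added example, not code from the researchers or from any vendor. It assumes a simplified one-dimensional model in which the output is the integer ADC value multiplied by a per-device gain; the gain values, the noise range of half an ADC count and all function names are constructed for illustration.

```python
import random

NOMINAL_GAIN = 0.061                 # constructed: nominal output units per ADC count
ADC_COUNTS = list(range(-100, 101))  # constructed integer ADC readings

def calibrated(adc, device_gain):
    """Simplified 1-D model (assumption): output = ADC value * per-device gain."""
    return adc * device_gain

def round_to_nominal(value, nominal=NOMINAL_GAIN):
    """Mitigation: round the output to the nearest multiple of the nominal gain."""
    return round(value / nominal) * nominal

def noisy_calibrated(adc, device_gain, rng):
    """Mitigation: add uniform noise to the ADC output before calibration."""
    return calibrated(adc + rng.uniform(-0.5, 0.5), device_gain)

def grid_step(outputs):
    """Smallest gap between distinct outputs: the spacing an app can observe."""
    vals = sorted({round(v, 9) for v in outputs})
    return min(b - a for a, b in zip(vals, vals[1:]))

def compare(device_gain, seed=1):
    """Observable output spacing without mitigation and with each mitigation."""
    rng = random.Random(seed)
    raw = [calibrated(a, device_gain) for a in ADC_COUNTS]
    noisy = [noisy_calibrated(a, device_gain, rng) for a in ADC_COUNTS]
    return {
        "raw": grid_step(raw),                                   # equals the device gain
        "rounded": grid_step([round_to_nominal(v) for v in raw]),  # equals the nominal gain
        "noisy": grid_step(noisy),                               # no fixed grid remains
    }

if __name__ == "__main__":
    # Two constructed devices whose factory gains differ slightly from nominal.
    for gain in (NOMINAL_GAIN * 1.013, NOMINAL_GAIN * 0.991):
        print(f"gain={gain:.6f}", compare(gain))
```

Without mitigation, the spacing of the reported values matches each device's own gain; after rounding, both devices report on the same nominal grid, and with noise the values no longer fall on a fixed grid at all.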
