A new fingerprinting attack was recently developed by the Cambridge University. This fingerprinting attack will enable all smartphones to be tracked all over the Internet. The fingerprinting attack is so vulnerable that it’s easy to operate and can never be stopped without Google or Apple Inc directives. It’s not all smartphones that are vulnerable, but if you have an iPhone, Google Pixel 2, 3, they are automatically attackable, including some other Android devices that are high-end.
Additionally, information that can be used to develop fingerprints for devices were collected by websites from various browsers that phone users’ visit. It is done in such a way that the fingerprint can be used to access all the website visited on your device.
The developers were able to create a way by which a better device fingerprint is accessible which uses information collected from smartphone sensors known as SensorID.
Every smartphones have sensors; be it gyroscopes, accelerometers, or magnetometers. Although, they’re not so perfect and correct upon their manufacturing due to unavoidable imperfections. Device manufacturers usually calibrate all devices through measurements and corrections of errors that each device may unavoidably have. After which the calibration data will be encoded in the device firmware. Often times, the calibration data recognizes the device almost immediately. Nonetheless, developers attacks pave ways for the attack to have access to the calibration data which in turns provides the device fingerprint. SensorID basically relies on data collected from sensors which cannot be altered irrespective of the browser in use.
The attack cannot be stopped. The data for the fingerprint creation is available on websites users visit or apps the devices used. The data is not protected and no need to gain access before it can be created. Creating the fingerprint doesn’t take time and very simple to create.
The fate of Android devices and SensorID
For SensorID and Android devices, there’s both pros and cons. The pros is that Android devices are not so vulnerable to SensorID compare to iOS devices. This is because most Android devices are lower levels and so don’t have calibration sensors. Although, some tests were carried out on some Android devices and result shows that creating fingerprint attacks on them were impossible.
The cons here is researchers were able to detect that fingerprint can be created on Google Pixel 2/3. No further details has been released concerning this by Google.
For Android users, there’s really no cause for alarm as your device is not susceptible to this attack. And even if your device is not safe from this attack, there’s virtually nothing that can be done as regard this.