You leave your fingerprints all over – from computer keyboards or door knobs – but do you know that your smartphone leaves real-time fingerprints that cannot be removed?
Puzzled? Not anymore. Three Indian-origin researchers have demonstrated that the accelerometers used in mobile devices possess unique trackable fingerprints.
These fingerprints stem from subtle idiosyncrasies in device manufacturing and are reflected in the unprotected data shared with numerous applications.
Even if you erase the app in the phone, or even erase and reinstall all software, the fingerprint still stays inherent.
“When you manufacture the hardware, the factory cannot produce the identical thing in millions. So these imperfections create fingerprints,” explained associate professor Romit Roy Choudhury from University of South Carolina (USC).
Along with graduate students Sanorita Dey and Nirupam Roy, Choudhury found that these fingerprints exist within smartphone sensors.
The researchers focused specifically on the accelerometer, a sensor that tracks three-dimensional movements of the phone – essential for countless applications, including pedometers, sleep monitoring, mobile gaming.
The researchers tested more than 100 devices over the course of nine months that included 80 standalone accelerometer chips used in popular smartphones, 25 Android phones and two tablets.
With 96 percent accuracy, the researchers could discriminate one sensor from another.
“We do not need to know any other information about the phone – no phone number or SIM card number. Just by looking at the data, we can tell you which device it is coming from. It is almost like another identifier,” Dey informed.
The research also suggests that other sensors in the phone – gyroscopes, magnetometers, microphones, cameras and so forth – could possess the same types of idiosyncratic differences.
For smartphone users and e-book readers, smartwatch wearers and tablet devotees, perhaps the most critical take-home message is the importance of vigilance, the researchers noted.
The paper has been presented at the Network and Distributed System Security Symposium (NDSS), a major conference on wireless and web security.