Android and iOS devices impacted by new sensor calibration attack

A new device fingerprinting technique can track Android and iOS devices across the Internet by using factory-set sensor calibration details that any app or website can obtain without special permissions.

This new technique, called a calibration fingerprinting attack or SensorID, works by using calibration details from gyroscope and magnetometer sensors on iOS, and calibration details from accelerometer, gyroscope, and magnetometer sensors on Android devices.

According to a team of academics from the University of Cambridge in the UK, SensorID impacts iOS devices more than Android smartphones. The reason is that Apple likes to calibrate iPhone and iPad sensors on its factory line, a process that only a few Android vendors are using to improve the accuracy of their smartphones’ sensors.

How does this technique work?

“Our approach works by carefully analysing the data from sensors which are accessible without any special permissions to both websites and apps,” the research team said in a research paper published yesterday.

“Our analysis infers the per-device factory calibration data which manufacturers embed into the firmware of the smartphone to compensate for systematic manufacturing errors [in their devices’ sensors],” researchers said.

This calibration data can then be used as a fingerprint, producing a unique identifier that advertising or analytics firms can use to track a user as they navigate across the internet.

Furthermore, because the calibration sensor fingerprint is the same when extracted using an app or via a website, this technique can also be used to track users as they switch between browsers and third-party apps, allowing analytics firms to get a full view of what users are doing on their devices.

The technique also poses no technical difficulty for the entity doing the tracking.

“Extracting the calibration data typically takes less than one second and does not depend on the position or orientation of the device,” researchers said.

“We have also tried measuring the sensor data at different locations and under different temperatures; we confirm that these factors do not change the SensorID either,” they added.

The sensor calibration fingerprint also never changes, even after a factory reset, allowing tracking entities access to an identifier as unique and persistent as an IMEI code.

Further, this type of tracking is also silent and invisible to users. This is because apps or websites accessing sensor calibration details to compute a device’s fingerprint don’t need any special permission to do so.

Patched in iOS, but not Android

The three-person research team who discovered this new tracking vector said they notified both Apple and Google in August 2018, and December 2018, respectively.

Apple patched this issue (CVE-2019-8541) with the release of iOS 12.2 in March this year by adding random noise to the sensor calibration output. This means that starting with iOS 12.2, iPhones and iPads will generate a new fingerprint with every sensor calibration query, making this type of user tracking useless.
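A simplified one-axis simulation of why the noise mitigation described above makes the fingerprint unstable, added here as an illustration; it is not code from the research paper or from Apple's patch. The sensor model (integer ADC counts scaled by a per-device gain), the nominal gain, the two device gains and all function names are assumptions constructed for the example.

```python
import random

NOMINAL_GAIN = 0.061               # assumed datasheet gain per ADC count (constructed)
DEVICE_A = NOMINAL_GAIN * 1.00337  # constructed per-device factory gains
DEVICE_B = NOMINAL_GAIN * 0.99812

def read_sensor(gain, n, rng, noise_counts=0.0):
    """Simulated one-axis output: (integer ADC count + optional noise) * gain."""
    samples = []
    for _ in range(n):
        count = rng.randint(-20, 20)
        jitter = rng.uniform(-noise_counts, noise_counts)  # mitigation knob
        samples.append((count + jitter) * gain)
    return samples

def estimate_gain(samples, nominal=NOMINAL_GAIN):
    """Least-squares gain from consecutive differences; without noise each
    difference is an exact integer multiple of the device gain."""
    num = den = 0.0
    for a, b in zip(samples, samples[1:]):
        d = b - a
        k = round(d / nominal)  # integer step count implied by the nominal gain
        num += d * k
        den += k * k
    return num / den if den else nominal

def fingerprint(samples):
    """Gain deviation from nominal, in units of 1e-5, used as the device ID."""
    return round((estimate_gain(samples) / NOMINAL_GAIN - 1) * 1e5)

def ids_over_queries(gain, noise_counts, queries=5, seed=1):
    """IDs from several independent sensor queries on the same device."""
    rng = random.Random(seed)
    return [fingerprint(read_sensor(gain, 200, rng, noise_counts))
            for _ in range(queries)]

if __name__ == "__main__":
    print("A, no noise:", ids_over_queries(DEVICE_A, 0.0))
    print("B, no noise:", ids_over_queries(DEVICE_B, 0.0))
    print("A, noise   :", ids_over_queries(DEVICE_A, 0.5))
```

Without noise, every query on the same simulated device yields the same ID regardless of the readings taken; with half an ADC count of noise added before scaling, the ID differs from query to query.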

Furthermore, to remove any other potential headaches, Apple also removed websites’ ability to access motion sensor data from Mobile Safari.

But while Apple was more prompt to fix this issue, Google was not, and only told researchers they would investigate.

This is most likely because iOS devices are more exposed to this type of tracking than Android smartphones, where a large chunk of the ecosystem is made up of low-cost devices that use uncalibrated motion sensors.

According to the research team, the tracking method they discovered was, indeed, more dangerous to Apple devices, mainly because of device homogeneity and Apple’s tendency to ship higher-quality handsets with very precise (calibrated) motion sensors.

However, similar top-range Android smartphones were also vulnerable. During their tests, researchers said their technique successfully generated sensor calibration fingerprints for Pixel 2 and Pixel 3 devices.

More details about this research are available in a whitepaper titled “SensorID: Sensor Calibration Fingerprinting for Smartphones,” that was presented yesterday at the IEEE Symposium on Security and Privacy 2019 (IEEE S&P’19).

A demo page where users can see if their device is vulnerable and generate a sensor calibration fingerprint is also available.


Twitter shuttering NY, SF offices in response to new CDC guidelines – TechCrunch

Just two weeks after reopening its New York and San Francisco offices, social media giant Twitter said Wednesday that it will be closing those offices “immediately.”

The decision came “after careful consideration of the CDC’s updated guidelines, and in light of current conditions,” a spokesperson said.

“Twitter has made the decision to close our opened offices in New York and San Francisco as well as pause future office reopenings, effective immediately. We’re continuing to closely monitor local conditions and make necessary changes that prioritize the health and safety of our Tweeps,” the spokesperson added.

The company initially just reopened those offices on July 12. It declined to reveal headcount per office.

The CDC this week recommended that fully vaccinated people begin wearing masks indoors again in places with high Covid transmission rates amid concerns about the highly contagious Delta variant.

Earlier today, TechCrunch’s Brian Heater reported that Google CEO Sundar Pichai announced that the company will require employees to be vaccinated before returning to work on-site. It was part of a larger letter sent to Google/Alphabet staff that also noted the company will be extending its work-from-home policy through October 18, as the COVID-19 delta variant continues to sweep through the global population.

In a message to TechCrunch, Facebook’s VP of People, Lori Goler, confirmed a similar policy for the social media behemoth.

Amazon also responded to TechCrunch’s inquiry on the matter, noting, “We strongly encourage Amazon employees and contractors to be vaccinated as soon as COVID-19 vaccines are available to them.”

Snapchat adds My Places feature to Snap Map, recommending spots to visit – TechCrunch

As more people are venturing out into the world this summer (safely, we hope!), Snapchat wants to make it easier for people to find restaurants, stores, parks and other interesting spots in their neighborhood. Today, Snapchat is starting to roll out the My Places feature on its Snap Map, which connects users with over 30 million businesses. Users can log their favorite spots, send them to friends, and find recommendations.

My Places has three main tabs: visited, favorites and popular. Visited lists places you’ve checked into on Snapchat, and favorites saves, well, your favorites. But the popular tab is particularly interesting because it marks the first time that Snapchat is using an algorithm to provide personalized recommendations to help people engage with the world around them. The algorithm considers where you are, what you’ve tagged or favorited already, and where your friends and other Snapchatters have visited.

This further differentiates the social-forward Snap Map from more established resources like Google Maps and Apple Maps, which you can’t really use to find out what restaurants your friends like. Sure, Snapchat can’t give you directions to that trendy sushi bar, but it’s not meant to, just like how Google Maps isn’t meant to show you what bar all your friends went to without you last night.

Snapchat shared survey results indicating that its users are more likely on average to engage in “post-pandemic” activities (is that a good thing?) and added that 44% of Snapchatters turn to the Snap Map to find places around them that they’re interested in.

With over 250 million monthly active users on Snap Map, the company announced an update in May called Layers, which lets partner companies add data directly to their own map. So far, Snapchat has collaborated with Ticketmaster and The Infatuation, a restaurant recommendation website — these partnerships help users see where they can find live entertainment, or what great restaurants are hidden in plain sight. Snapchat plans to further integrate Layers into Snap Map and My Places later this year.

Last week, Snap announced that during Q2 this year, it grew both revenue and daily active users at the highest rates it has achieved in the last four years. Year over year, the app grew 23%.

Facebook warns of ‘headwinds’ to its ad business from regulators and Apple – TechCrunch

Facebook posted its second quarter earnings Wednesday, beating expectations with $29 billion in revenue.

The world’s biggest social media company was expected to report $27.8 billion in revenue for the quarter, a 50 percent increase from the same period in 2020. Facebook reported earnings per share of $3.61, which also bested expectations. The company’s revenue was $18.6 billion in the same quarter of last year.

In the first financial period to really reflect a return to quasi-economic normalcy after a very online pandemic year, Facebook met user growth expectations. At the end of March, Facebook boasted 2.85 billion monthly active users across its network of apps. At the end of its second quarter, Facebook reported 2.9 billion monthly active users, roughly what was expected.

The company’s shares opened at $375 on Wednesday morning and were down to $360 in a dip following the earnings report.

In spite of a strong quarter, Facebook is warning of change ahead — namely impacts to its massive ad business, which generated $28.5 billion out of the company’s $29 billion this quarter. The company specifically named privacy-focused updates to Apple’s mobile operating system as a threat to its business.

“We continue to expect increased ad targeting headwinds in 2021 from regulatory and platform changes, notably the recent iOS updates, which we expect to have a greater impact in the third quarter compared to the second quarter,” the company stated in its investor report outlook.

On the company’s investor call, Facebook CEO Mark Zuckerberg pointed to Facebook’s plans to reduce its reliance on ad revenue, noting the company’s expanded efforts to attract and support content creators and its e-commerce plans in particular. “We want our platforms to be the best place for creators to make a living,” Zuckerberg said, adding that the company plans to monetize creator tools starting in 2023.

Zuckerberg also emphasized Facebook’s grand aspirations for social experiences in VR. “Virtual reality will be a social platform, which is why we’re so focused on building it,” Zuckerberg said.

No matter what Facebook planned to report Wednesday, the company is a financial beast. Bad press and user mistrust in the West haven’t done much to hurt its bottom line and the company’s ad business is looking as dominant as ever. Short of meaningful antitrust reform in the U.S. or a surging competitor, there’s little to stand in Facebook’s way. The former might still be a long shot given partisan gridlock in Congress, even with the White House involved, but Facebook is finally facing a threat from the latter.

For years, it’s been difficult to imagine a social media platform emerging as a proper rival to the company, given Facebook’s market dominance and nasty habit of acquiring competitors or brazenly copying their innovations, but it’s clear that TikTok is turning into just that. YouTube is huge, but the platforms matured in parallel and co-exist, offering complementary experiences.

TikTok hit 700 million monthly active users in July 2020 and surpassed three billion global downloads earlier this month, becoming the only non-Facebook owned app to do so, according to data from Sensor Tower. If the famously addictive short-form video app can successfully siphon off some of the long hours that young users spend on Instagram and Facebook’s other platforms and make itself a cozy home for brands in the process, the big blue giant out of Menlo Park might finally have something to lose sleep over.
