Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses

  • Anupam Das, Nikita Borisov, Matthew C. Caesar
  • Network and Distributed System Security Symposium
Modern smartphones contain motion sensors, such as accelerometers and gyroscopes. These sensors have many useful applications; however, they can also be used to uniquely identify a phone by measuring anomalies in the signals, which are a result of manufacturing imperfections. Such measurements can be conducted surreptitiously by web page publishers or advertisers and can thus be used to track users across applications, websites, and visits. We analyze how well sensor fingerprinting works under… 

Smartphone Fingerprinting Via Motion Sensors: Analyzing Feasibility at Large-Scale and Studying Real Usage Patterns

A large-scale user study demonstrates that motion sensor fingerprinting is effective with even 500 users; a model is developed to estimate prediction accuracy for larger user populations, and the problem of developing fingerprinting countermeasures is considered.

Effective Mobile Web User Fingerprinting via Motion Sensors

  • Zhiju Yang, Rui Zhao, Chuan Yue
  • Computer Science
  • 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications / 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
  • 2018
This paper investigates motion sensor based user fingerprinting attacks that can be pervasively performed to severely compromise the privacy of mobile web users and designs a framework with unified classifiers for effectively performing the attacks.

Every Move You Make: Exploring Practical Issues in Smartphone Motion Sensor Fingerprinting and Countermeasures

The feasibility of carrying out fingerprinting under real-world constraints and on a large scale, and the problem of developing fingerprinting countermeasures, are considered; the usability of a previously proposed obfuscation technique and a newly developed quantization technique is evaluated via a large-scale user study.

Factory Calibration Fingerprinting of Sensors

The calibration fingerprint is found to be very likely globally unique for iOS devices, with an estimated 67 bits of entropy for the iPhone 6S; an analysis of 146 Android device models from 11 vendors found that the attack also works on recent Google Pixel devices.

The Web's Sixth Sense: A Study of Scripts Accessing Smartphone Sensors

It is found that popular tracking protection lists such as EasyList and Disconnect commonly fail to block most tracking scripts that misuse sensors, and that even privacy-focused browsers fail to implement mitigations suggested by W3C, which include limiting sensor access from insecure contexts and cross-origin iframes.

PIN Inference Attack: A Threat to Mobile Security and Smartphone-Controlled Robots

A potential misuse of technology is presented in which smartphones can be hacked by a PIN inference attack, endangering mobile security; the results prove that an adversary can make use of sensor data to obtain users' sensitive information from smartphones.

Mitigating Location Privacy Attacks on Mobile Devices using Dynamic App Sandboxing

MATRIX is extensively evaluated using user studies, popular location-driven apps and machine learning techniques, and it is demonstrated that it is portable to most Android devices globally, is reliable, has low overhead, and generates synthetic trajectories that are difficult for an adversary to differentiate from real mobility trajectories.

Mobile Device Identification via User Behavior Analysis

Sensor fingerprinting not only identifies devices but also makes it possible to create non-erasable fingerprints, which helps to ensure more intelligent, robust and reliable systems.

Finding the Stars in the Fireworks: Deep Understanding of Motion Sensor Fingerprint

This work designs a multi-LSTM neural network to fingerprint mobile device sensors in real-life use and proposes a novel generative model that modifies the original sensor data to yield anonymized data with little fingerprint information while retaining good data utility.

Exploring Ways To Mitigate Sensor-Based Smartphone Fingerprinting

A highly accurate fingerprinting mechanism is developed that combines multiple motion sensors and makes use of (inaudible) audio stimulation to improve detection, and the impact of calibration and obfuscation techniques on the classifier accuracy is evaluated.

Mobile Device Identification via Sensor Fingerprinting

It is shown that the entropy from sensor fingerprinting is sufficient to uniquely identify a device among thousands of devices, with low probability of collision.

AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable

This paper submits a hypothesis that smartphone/tablet accelerometers possess unique fingerprints, which can be exploited for tracking users, and believes that the fingerprints arise from hardware imperfections during the sensor manufacturing process, causing every sensor chip to respond differently to the same motion stimulus.

Two Novel Defenses against Motion-Based Keystroke Inference Attacks

Two novel approaches to defend against keystroke inference attacks are proposed: 1) reducing sensor data accuracy; 2) random keyboard layout generation. It is shown how they significantly reduce the accuracy of keystroke inference attacks.

Acoustic Fingerprinting Revisited: Generate Stable Device ID Stealthily with Inaudible Sound

A new and more practical method is presented for adversaries to stealthily generate a stable and unique device ID for a smartphone by exploiting the frequency response of the speaker, and the results show that the generated device ID can be used to track users in practice.

Do You Hear What I Hear?: Fingerprinting Smart Devices Through Embedded Acoustic Components

This study examines the feasibility of using microphones and speakers embedded in smartphones to uniquely fingerprint individual devices, and identifies the prominent acoustic features capable of fingerprinting smart devices with a high success rate.

Remote physical device fingerprinting

Remote physical device fingerprinting is introduced, or fingerprinting a physical device, as opposed to an operating system or class of devices, remotely, and without the fingerprinted device's known cooperation, by exploiting small, microscopic deviations in device hardware: clock skews.

FPDetective: dusting the web for fingerprinters

The design, implementation and deployment of FPDetective, a framework for the detection and analysis of web-based fingerprinters, are reported on, showing that there needs to be a change in the way users, companies and legislators engage with fingerprinting.

Device Identification via Analog Signal Fingerprinting: A Matched Filter Approach

It is shown that Ethernet devices can be uniquely identified and tracked—using as few as 25 Ethernet frames—by analyzing variations in their analog signal caused by hardware and manufacturing inconsistencies.

The Web Never Forgets: Persistent Tracking Mechanisms in the Wild

The evaluation of the defensive techniques used by privacy-aware users finds that there exist subtle pitfalls, such as failing to clear state on multiple browsers at once, in which a single lapse in judgement can shatter privacy defenses.