We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint. Overall, our attack has the following advantages:Contact Us
* Following our disclosure, Apple has patched this vulnerability in iOS 12.2. I, and some people I know who are equally paranoid, don’t even use the browser on the cell phone except for very specific, pre-determined sites. (Yes those sites *could* do this, but the likelihood of being attacked by arbitrary JS reduces quite a bit. I’m not, of course, saying I knew of *this* specific attack. This is the result of just general paranoia. I wonder how common this is in the audience of this site (it’s of course hopeless to ask that for the general population!) Iphone hacks
- The attack can be launched by any website you visit or any app you use on a vulnerable device without requiring any explicit confirmation or consent from you.
- The attack takes less than one second to generate a fingerprint.
- The attack can generate a globally unique fingerprint for iOS devices.
- The calibration fingerprint never changes, even after a factory reset.
- The attack provides an effective means to track you as you browse across the web and move between apps on your phone.