The other day at the IEEE Symposium on Security and Privacy, a group of researchers from the Computer Laboratory of the University of Cambridge about a new vulnerability in smartphones that allowed and allows you to monitor users on the Internet. The discovered vulnerability turned out to be non-removable without the direct intervention of Apple and Google and was found in all iPhone models and only in a few models of smartphones running Android. For example, it is found in the Google Pixel 2 and 3 models.
Experts reported the discovery of the vulnerability to Apple in August last year, and Google was notified in December. The vulnerability was named SensorID and officially designated CVE-2019-8541. Apple in March with the release of a patch for iOS 12.2 eliminated the identified danger. As for Google, it has not yet responded to the identified threat. However, we repeat once again that if the SensorID attack was easily carried out on almost all models of Apple smartphones, then very few Android smartphones were found vulnerable to it.
What is SensorID? From the name it is easy to understand that SensorID is a unique identifier for sensors. A kind of digital signature of the device, which in most cases corresponds to a specific smartphone and, therefore, almost always belongs to a specific person.
Through the efforts of security researchers, such a signature was a set of data on the calibration of magnetometer, accelerometer and gyroscope sensors (for obvious reasons, the production of sensors is accompanied by a scatter of parameters). Calibration data is written into the firmware of the device at the factory, and allows you to improve the performance of smartphones with sensors - increase the positioning accuracy and response of the smartphone to movements. When viewing a page on the Internet using any browser or when launching an application, the smartphone in your hands rarely remains motionless. Sites freely read the calibration data to adjust to the smartphone and this happens almost instantly. This identifier can then be used to track the already defined user on other sites. Where does he go, what are his interests? Definitely, this method is good to use for targeted advertising. Also, by simple actions, such an identifier can be tied to a person with all the ensuing consequences.
The total vulnerability of Apple smartphones to the SensorID attack is explained by the fact that almost all iPhones can be classified as premium devices, the manufacture of which, including factory calibration of sensors, is of fairly high quality. In this case, this meticulousness let the company down. Even a factory reset does not erase the SensorID digital signature. Another thing is smartphones running Android. In the mass, these are inexpensive devices, the factory setting of which is rarely accompanied by sensor calibration. As a result, most Android smartphones do not have a conditional digital signature for the SensorID attack, although premium devices are guaranteed to be assembled with proper quality and can be attacked based on calibration data.
Source: 3dnews.ru