iOS exploit closed in iOS 12.2 let websites use motion sensors to 'fingerprint' devices

Though already patched on iPhones and iPads, University of Cambridge researchers say they've developed a hacking technique that can "fingerprint" a person by way of motion sensors.

The method uses JavaScript to collect accelerometer, gyroscope, and magnetometer data from smartphones when they visit an infected website, the researchers explain. This works in under 1 second, without requiring any consent, and creates a "globally unique fingerprint" for any impacted iOS device — even after a factory reset.

If successful the attack makes it possible to track someone across both apps and the Web, so long as they use the compromised device. There are no known instances of it being used in the real world, but at least 2,653 websites are collecting motion data, and it's believed the Cambridge technique can be applied retroactively.

Apple was notified about the problem in August and fixed it in March's iOS 12.2, using a suggestion to add random noise to ADC outputs. Credited researchers include Cambridge's Jiexin Zhang and Alastair Beresford, as well as Polymath Insight Limited's Ian Sheret.

Google's Pixel 2 and 3 phones are said to remain vulnerable. No other tested Android phones have the problem, but some other factory-calibrated Android products could theoretically be exposed.

5 Comments

skippingrock 199 comments · 19 Years

About 5 years ago

What sites are using motion data? How are they using it and why and can you block them from using it? Do you get a privacy request for these sites to use the motion sensors?

Johan42 163 comments · 6 Years

Amazing...not one person scorning Apple. Were this an article about Android or Facebook, you’d see 50 posts talking heaps of manure against them.

elijahg 2823 comments · 18 Years

Johan42 said:

Amazing...not one person scorning Apple. Were this an article about Android or Facebook, you’d see 50 posts talking heaps of manure against them.

Probably because this isn't an exploit/privacy issue exploited by Apple, as unlike Facebook and Google, Apple doesn't want this data. Facebook and Google are just as likely to built this into their products to extract more user data.

gracefullyparanoid 3 comments · 5 Years

Johan42 said:

Amazing...not one person scorning Apple. Were this an article about Android or Facebook, you’d see 50 posts talking heaps of manure against them.

Apple already fixed it and pushed the fix to their customers. They do that and almost all their users get the fix.

With android that is not so. Android's fix is almost always in the next OS update, that less than 10% of their users get, which means that most android users walk around with phones not updated. Google can blame the carriers, who in turn blame the manufacturers; lots of blame to go around but no one to solve the problem. For example, with BlueBorne virus, Apple patched and fixed it with iOS10, which was installed to almost all their devices. Google fixed it and pushed it to their pixel users (less than 1/2 of 1% of android users). The rest of android users continue to use compromised devices with no hope of a fix.

So in response to your comment, Apple fixes security issues and their customers actually get them. Hard to blame that.

elijahg said:

Johan42 said:

Amazing...not one person scorning Apple. Were this an article about Android or Facebook, you’d see 50 posts talking heaps of manure against them.

Probably because this isn't an exploit/privacy issue exploited by Apple, as unlike Facebook and Google, Apple doesn't want this data. Facebook and Google are just as likely to built this into their products to extract more user data.

Lol, that's not a bug or security flaw. That's a feature.

Share Your Thoughts on our Forums ->