iOS exploit closed in iOS 12.2 let websites use motion sensors to 'fingerprint' devices
Though already patched on iPhones and iPads, University of Cambridge researchers say they've developed a hacking technique that can "fingerprint" a person by way of motion sensors.
If successful the attack makes it possible to track someone across both apps and the Web, so long as they use the compromised device. There are no known instances of it being used in the real world, but at least 2,653 websites are collecting motion data, and it's believed the Cambridge technique can be applied retroactively.
Apple was notified about the problem in August and fixed it in March's iOS 12.2, using a suggestion to add random noise to ADC outputs. Credited researchers include Cambridge's Jiexin Zhang and Alastair Beresford, as well as Polymath Insight Limited's Ian Sheret.
Google's Pixel 2 and 3 phones are said to remain vulnerable. No other tested Android phones have the problem, but some other factory-calibrated Android products could theoretically be exposed.