Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses presented at NDSS 2016

by Matthew Caesar, Nikita Borisov, Anupam Das,

Summary : Modern smartphones contain motion sensors, such as accelerometers and gyroscopes. These sensors have many useful applications; however, they can also be used to uniquely identify a phone by measuring anomalies in the signals, which are a result of manufacturing imperfections. Such measurements can be conducted surreptitiously by web page publishers or advertisers and can be used to track users across applications, websites, and visits.
We analyze how well sensor fingerprinting works under real-world constraints. We first develop a highly accurate fingerprinting mechanism that combines multiple motion sensors and makes use of audible and inaudible audio stimulation to improve detection. We evaluate this mechanism using measurements from a large collection of smartphones, in both lab and public conditions. We then analyze techniques to mitigate sensor fingerprinting either by calibrating the sensors to eliminate the signal anomalies, or by adding noise that obfuscates the anomalies. We evaluate the impact of calibration and obfuscation techniques on the classifier accuracy; we also look at how such mitigation techniques impact the utility of the motion sensors.