Researchers at the Stanford Security Laboratory have discovered a series of security vulnerabilities in the sensor arrays endemic to most smartphones. They found that accelerometers, speakers and microphones can all be uniquely identified with specific devices, functioning the same way cookies do except they cannot currently be turned off.
The security vulnerability in accelerometers—the tiny motion detectors found in most mobile devices—lies in the fact that each one has unique imperfections that differ from device to device. A website can read an accelerometer’s motion, identify its “fingerprint”, and assign it a tag which the website can store on its own servers, allowing it to track the device.
The method may or may not already be in use by any advertising companies, spy agencies, or other parties, but the fact that the Stanford team has discovered it means it is likely that others have discovered the weakness. There is currently no mass-produced way to delete or mask the identity of an accelerometer.
The researchers also discovered that microphones and speakers have unique frequency response curves that can also be used to tag devices. To add more reason for concern, a research team in Germany even discovered that cell phone radio signals emit unique signatures due to interference from on-board power amplifiers, oscillators and signal mixers.