Emerging Tech

Blog archive
Runner with smartphone strapped to arm

The dark side of the Internet of Everything

We’re all learning about the dangers of big data.  You buy something on Amazon and suddenly all your contacts know about your purchase. 

Now it turns out that the simple act of turning on your cell phone exposes you to being tracked across the Internet – even if you have switched off location-based services. 

Researchers at the University of Illinois’ College of Engineering have discovered that, due to imperfections in manufacturing processes, cell phone sensors have unique characteristics that can be used to identify the phone.

If, for example, you’re driving  to the gym and use your phone to access check on traffic, that app reads data from the phone’s accelerometer.  When you arrive at the gym, data from the accelerometer is also used by an application on the treadmill that measures your gait and distance traveled.  If those two transmissions of accelerometer sensor data are compared, an analyst can determine that they came from the same phone.

In short, your cell phone transmits data as you move through the digital universe, leaving “fingerprints” that give information not only about your location but about your activities.

diagram explaining phone sensor fingerprints

While the researchers at the University of Illinois focused on accelerometer data, they say there’s no reason to believe other sensors in phones – gyroscopes, microphones, proximity sensors, pressure sensors, cameras, etc. – don’t leave similar fingerprints.  So the potential is there to link, identify and track an incredible amount of activity. 

What’s more, says principal researcher Nuripam Roy, the degree of expertise required to tap into this data is not very high. 

“Anybody with a little knowledge of statistics and a little knowledge of computer science can do it,” Roy said.  “As it can be done pretty easily, it’s a big concern.”

That’s especially true since laws and regulations haven’t kept up with the technologies.  “There is no regulation, no need to get permission to approach this kind of data,” Roy said.  “What we have shown is that this apparently benign-looking data can be as good as sharing the MIN [mobile identification number] number of a phone.”

The team tried to find ways to mask the identifying characteristics, without success.  “We couldn't find any reasonable way to wipe this off the sensor data,” Roy said.  “We need to keep in mind that the sensor data has functionality, so we can't process it too much or may become useless for the application.”

Roy added that there may be some ways to take advantage of the sensor fingerprints, such as using cell phones as identity cards.  But doing so in a secure way requires more research.

In the meantime, he said, manufacturers – and governments that regulate them – may want to consider the implications.  “We think that these idiosyncrasies in the sensors are coming from the factory production line,” Roy said.  “It may be that there will be more concern about those processes.” 

Can the manufacturing processes be changed to eliminate the fingerprints?  “We need more research,” Roy said. 

Posted by Patrick Marshall on May 13, 2014 at 6:23 AM


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.