Emerging Tech

Blog archive
Runner with smartphone strapped to arm

The dark side of the Internet of Everything

We’re all learning about the dangers of big data.  You buy something on Amazon and suddenly all your contacts know about your purchase. 

Now it turns out that the simple act of turning on your cell phone exposes you to being tracked across the Internet – even if you have switched off location-based services. 

Researchers at the University of Illinois’ College of Engineering have discovered that, due to imperfections in manufacturing processes, cell phone sensors have unique characteristics that can be used to identify the phone.

If, for example, you’re driving  to the gym and use your phone to access check on traffic, that app reads data from the phone’s accelerometer.  When you arrive at the gym, data from the accelerometer is also used by an application on the treadmill that measures your gait and distance traveled.  If those two transmissions of accelerometer sensor data are compared, an analyst can determine that they came from the same phone.

In short, your cell phone transmits data as you move through the digital universe, leaving “fingerprints” that give information not only about your location but about your activities.

diagram explaining phone sensor fingerprints

While the researchers at the University of Illinois focused on accelerometer data, they say there’s no reason to believe other sensors in phones – gyroscopes, microphones, proximity sensors, pressure sensors, cameras, etc. – don’t leave similar fingerprints.  So the potential is there to link, identify and track an incredible amount of activity. 

What’s more, says principal researcher Nuripam Roy, the degree of expertise required to tap into this data is not very high. 

“Anybody with a little knowledge of statistics and a little knowledge of computer science can do it,” Roy said.  “As it can be done pretty easily, it’s a big concern.”

That’s especially true since laws and regulations haven’t kept up with the technologies.  “There is no regulation, no need to get permission to approach this kind of data,” Roy said.  “What we have shown is that this apparently benign-looking data can be as good as sharing the MIN [mobile identification number] number of a phone.”

The team tried to find ways to mask the identifying characteristics, without success.  “We couldn't find any reasonable way to wipe this off the sensor data,” Roy said.  “We need to keep in mind that the sensor data has functionality, so we can't process it too much or may become useless for the application.”

Roy added that there may be some ways to take advantage of the sensor fingerprints, such as using cell phones as identity cards.  But doing so in a secure way requires more research.

In the meantime, he said, manufacturers – and governments that regulate them – may want to consider the implications.  “We think that these idiosyncrasies in the sensors are coming from the factory production line,” Roy said.  “It may be that there will be more concern about those processes.” 

Can the manufacturing processes be changed to eliminate the fingerprints?  “We need more research,” Roy said. 

Posted by Patrick Marshall on May 13, 2014 at 6:23 AM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.