스마트폰의 보정 핑거프린팅 공격

ment 5/23 '19 posted 뉴스 IT

• 우리는 보정(calibration) 핑거프린팅 공격이라는 새로운 유형의 지문 공격을 개발했습니다.

• "iOS는 역사적으로 가속도계, 자이로 스코프 및 자력계에 대한 액세스를 제공했습니다."Alastair Beresford 박사는 The Register에 오늘 아침에 말했습니다.

• 캠브리지 대학 (Cambridge University)의 연구원은 장치의 가속도계, 자이로 스코프 및 자력계 센서에서 수집한 데이터를 검토하여 iPhone 및 iPad를 고유하게 식별할 수있는 독창적 방법을 발견했습니다.

• 센서의 장점은 모바일 장치의 매력을 증가시키는 수많은 앱에서 사용되기 때문에 액세스에 대한 특정 사용 권한이 필요하지 않다는 것입니다.

• 케임브리지 대학의 연구자들은 오늘날 그들의 핑거프린팅 기술이 장치 고유의 가속도계 보정 데이터를 추론하는 악마같이 영리한 방법을 사용하는 방법을 설명하며 보안 및 개인 정보 보호에 관한 IEEE 심포지엄에 논문을 발표 할 것입니다.

• 우리의 공격은 스마트폰에서 발견되는 가속도계, 자이로 스코프 및 자력계 센서에서 수집한 데이터를 사용하여 전 세계적으로 유일한 지문을 만듭니다.

• * 공장 초기화 후에도 보정 핑거프린팅은 변경되지 않습니다.

Fingerprinting iPhones This clever attack allows someone to uniquely…

Fingerprinting iPhones [www.schneier.com]

Your iPhone can be uniquely fingerprinted by apps and websites in…

iPhone gyroscopes, of all things, can uniquely ID handsets on anything earlier than iOS 12.2 [www.theregister.co.uk]

…

Fingerprinting iPhones with the built-in gyroscope [www.grahamcluley.com]

Researchers at Cambridge University have determined that attackers could use the built-in motion…

Attackers Could Use Mobile Device Sensors to Generate Unique Device Fingerprint: Research [www.securityweek.com]

When you visit a website, your web browser provides a range of information to the website,…

Calibration Fingerprint Attacks for Smartphones [www.lightbluetouchpaper.org]

In a new paper for IEEE Security, a trio of researchers (two from Cambridge, one…

In less than one second, a malicious web-page can uniquely fingerprint an Iphone, Pixel 2 or Pixel 3 without any explicit user interaction [boingboing.net]

https://www.zdnet.com/article/android-and-ios-devices-impacted-by-new-sensor-calibration-attack/

…

Android and iOS devices impacted by new sensor calibration attack [www.zdnet.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

5/23 '19 answered

Apple now also blocks websites from accessing motion sensor data via Mobile Safari.

All in all, SensorID is quite dangerous, as privacy-focused browsers, ad blockers, and other anti-fingerprinting techniques can't block this type of fingerprintinghttps://t.co/WUsZVI0DuH pic.twitter.com/9aE9y12ywh
— Catalin Cimpanu (@campuscodi) May 22, 2019

This new attack/fingerprinting method is named SensorID.

It works by extracting "sensor calibration details" from a device's firmware. These are unique per device and can generate an identifier as unique and persistent as an IMEI code.

See image below for more: pic.twitter.com/VUphH71hYC
— Catalin Cimpanu (@campuscodi) May 22, 2019

Apple patched iOS against SensorID fingerprinting in iOS 12.2, released in March.

Google is still investigating, but the number of impacted Android devices is low, as very few Android OEMs calibrate motion sensors for their devices.https://t.co/WUsZVI0DuH pic.twitter.com/WBm8MAX7B1
— Catalin Cimpanu (@campuscodi) May 22, 2019

Fingerprinting iPhones https://t.co/y0CpLxBoRU
— Schneier Blog (@schneierblog) May 22, 2019

Fingerprinting phoneshttps://t.co/z3AgqxiAsO
— Data Privacy (@data_tip) May 22, 2019

Fingerprinting iPhones https://t.co/51tG802lJO
— Nicolas Krassas (@Dinosn) May 22, 2019

Your iPhone can be uniquely fingerprinted by apps and websites in a way that you can never clear. Not by deleting cookies, not by clearing your cache, not even by reinstalling iOS. https://t.co/RYLKyiXXTv via @theregister
— stéphane koch (@stephanekoch) May 22, 2019

iPhone gyroscopes, of all things, can uniquely ID handsets on anything earlier than iOS 12.2 https://t.co/dHioAzrLg4 #infosec pic.twitter.com/u4vdT5VdnM
— #AI (@AI__TECH) May 22, 2019

Also, our work has been covered by @GazTheJourno for @TheRegister https://t.co/q8P12Kloal
— Alastair Beresford (@arberesford) May 21, 2019

This research could lead down some interesting paths. #ios #dfir https://t.co/MBg7l6HcRG
— ???? ?????? (@pr3cur50r) May 21, 2019

A brilliant example of the law of unintended consequences.https://t.co/x78o7120Rv
— Victoria Stamps (@AlmostSenseless) May 22, 2019

Fingerprinting iPhones with the built-in gyroscope https://t.co/oxrLLEO7uu via gcluley
— BrianHonan (@BrianHonan) May 22, 2019

Calibration fingerprint attacks for smartphones, which can be used to track you across websites in seconds, disclosed by @jz448, @arberesford & @PolymathInsight https://t.co/hQWZP7JETA
— Dr Alice Hutchings (@message4bob) May 21, 2019

Today @jz448 presented our fingerprinting attack @IEEESSP. We can build an identifier for iOS devices when the user visits a website or starts an app. It takes less than one second, no user interaction needed. Apple fixed in iOS 12.2, so update now.https://t.co/u2F5GoBw2s
— Alastair Beresford (@arberesford) May 21, 2019

In less than one second, a malicious web-page can uniquely fingerprint an Iphone, Pixel 2 or Pixel 3 without any explicit user interactionhttps://t.co/in485vkgQa pic.twitter.com/8KvgKM5jTo
— Masque of the Red Death (@doctorow) May 22, 2019

NEW: Android and iOS devices impacted by new sensor calibration attackhttps://t.co/WUsZVI0DuH pic.twitter.com/rDIdaXpJwA
— Catalin Cimpanu (@campuscodi) May 22, 2019

"A new device fingerprinting technique can track #Android and #iOS devices across the Internet by using factory-set sensor calibration details that any app or website can obtain without special permissions." #privacy #infosec https://t.co/UaqEP0VlUO
— Alasdair Allan (@aallan) May 22, 2019

Android and iOS devices impacted by new sensor calibration attack https://t.co/njTekggUoc by @campuscodi
— ZDNet (@ZDNet) May 22, 2019

permanent link

Open Wiki - Feel free to edit it. -

5/23 '19 answered

In less than one second, a malicious web-page can uniquely fingerprint an Iphone, Pixel 2 or Pixel 3 without any explicit user interaction https://t.co/CCPuLuOG4K #Cybersecurity #cybercrime #cyberattacks #hacker #hack #breach #phishing #dos #ransomware #malware #virus #apt pic.twitter.com/4Fs37wFvGw
— Rich Tehrani (@rtehrani) May 22, 2019

#Android and #iOS devices impacted by new sensor calibration attack https://t.co/A9YtnJsvrr via @ZDNet & @campuscodi #mobile #security
— Gary Davis (@garyjdavis) May 22, 2019

Nuke JavaScript from orbit. It's the only way to be sure.https://t.co/pXlqDbq8je
— Eric Lawrence ? (@ericlaw) May 23, 2019

Android and iOS devices impacted by new sensor calibration attack | ZDNet https://t.co/mgw1XbjZWf
— Robert Alai (@RobertAlai) May 22, 2019

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured