A team of researchers from the University of Cambridge (United Kingdom) discovered a new form of vulnerability that affects phones with iOS and Android, which allows users to be tracked through applications and Internet sites.
This new technique that forms fingerprints, called ‘SensorID’, works through the use of sensor calibration details, which can be accessed without special permits. For this, it uses data from the gyroscope and magnetometer in iOS devices, and the accelerometer, gyroscope and magnetometer in the Android.
According to the report, presented at the Symposium on Security and Privacy 2019 of the Institute of Electrical and Electronic Engineers (IEEE, for its acronym in English), which was held between Monday and Wednesday of this week in San Francisco (California, EE .UU.), The attack can be launched from any Internet site visited or any application used.
Once activated, the specialists detailed that it takes less than a second to generate a fingerprint. In addition, it is able to create a single footprint for iOS devices, which does not change even if the factory settings are restored. In this way, all phone movements can be tracked.
Faced with this development, Apple, whose phones are more vulnerable than Android, developed a security patch from its iOS 12.2 version. However, Google has not yet taken any action to mitigate this attack, although its Pixel 3 and 2 devices may be affected.
According to the specialists, Safari, Chrome, Firefox, Opera, Brave and Firefox Focus can suffer this type of attacks.