Slashdot Mirror
Sensor Characteristics Uniquely Identify Individual Phones
An anonymous reader writes "SFGate reports that Stanford researchers have figured out a way to generate a unique fingerprint from a cell phone's suite of built-in sensors. The tiny accelerometers, gyroscopes, microphones, and speakers in cell phones have characteristics that vary slightly from handset to handset, and these variations may contain enough information to uniquely identify a given handset. How that information might get from the phone to a third party varies (the article describes a JavaScript snippet reading the Z-axis accelerometer, though it says little about how the user might block such information from being read), but the possibility for abuse is certainly troubling."
Now I have to drop my phone from time to time to fool the NSA.
Cell phones have been identifiable by RF fingerprinting for many, many years.
Was a common anti-fraud technique in the analog cellular days.
The possibility for abuse is troubling. Really?
Android: android.telephony.TelephonyManager.getDeviceId()
iOS: NSString* uniqueID = [UIDevice currentDevice].uniqueIdentifier;
WindPhone: Dunno don't do anything for it, I assume it's part of the API as well.
So yes, tell me more about this "troubling" ability to build a fingerprint of questionable accuracy on a device to uniquely ID it even when you can just READ THE UNIQUE DEVICE ID right from it to start with.
How long before we have Minority Report type crimes?
"Sir, you're going to have to have to come with us. Our metadata surveillance indicates you are likely to commit a crime, and our tracking of your phone indicates you were recently at a hardware store. We need to take you to the internment camp."
Some days I just want to turn into Reg the Blank and hide.
When they can know everything about you even when you've done nothing wrong, you're not so much free anymore as you are being allowed to pretend you are until such time as they decide to cart you off.
Lost at C:>. Found at C.
A statistical analysis of your online writing-style identifies you. CCTV cameras identify you from your gait (the "way you walk"). And now your smartphone sensors give away what smartphone you are using (... useful to "backdoor" the device, I presume?). My question to these scientist: Why do you create this tech? Do you not care about the privacy of the common man, or indeed the technological future your children will be forced to live in? My 2 Cents on this, and similar efforts to "ID people"....
Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
Does the MAC ever leave the local network? (Honest question; from my understanding it is only needed in the local network, so propagating it further makes no sense, but then, I'm no networking expert)
It does if an app running on the phone sends it outside the network.
I was of the impression that anything that accesses the cell network already has a unique IMEI adddress and that devices that access networks have a unique MAC address. What does this provide that they don't? It would seem this information could be spoofed at least as easily as such hardware addresses.
Every mobile phone, GSM modem or device with a built-in phone / modem has a unique 15 digit IMEI number.
Because there are lots of people who want PhD:s, but not a lot of creativity to go around and even less funding to go around for creative and truly novel projects
You can bet that this has already been done in the industry so it's not like they're inventing anything that doesn't already exist.
By the way, it ought to be reasonably straightforward to get a fingerprint out of the totality of sensor data that a phone generates during the course of a week or so even if the sensors were flawless. After all, we all have different habits, different gaits, etc. Odds are someone is already doing that.
If you look at the graph in the article (which talks about flipping the phone, but seems to actually be measurements of flat vs standing vertical), the variations are constrained to be (in the Sz axis) from 0.994 to 1.004, or a variation of 0.008, and the Sz repeatability is worse than 0.00025. So, this would work if the number of phones was ~ 30, but would be "confusion limited" for a larger number. Likewise, in the Oz axis the (different ?!?) units run from -0.2 to 0.4, a variation of 0.6, and the uncertainty is > 0.02, so the number of phones that could be distinguished is ~ 30. Combine these two axes, and no more than ~ 30^2 or 900 phones could be distinguished. There are obviously more than 900 phones in the world.
Even if all 3 sensors are independent and equally sensitive, that only gets you the ability to track 900^3 or ~ 700 million devices, which is a lot, but still likely not enough, as the distribution of errors is not likely to be uniform, but gaussian or some other distribution, and that will lower the effective sensitivity, as would any correlation between the sensor errors.
Note also that quartz crystals (I believe that these are piezoelectric sensors) are notorious not only for being individually imperfect, but also for drifting with time and (especially) temperature, which might also substantially reduce repeatability.
So, I suspect this is not likely to work well in practice.
What this could do is make the rare phone (one with by chance a particularly bad sensor) easily identifiable...
And here I lose some karma for being an Apple fanboi, but...
At least in recent iOS, the device’s MAC addresses (both BT and WiFi) are not accessible to third-party apps. Best you can get is the new “advertising identifier” as of iOS 6.x which is unique only to the particular application and randomly generated for each app. So your app can track the user while it’s running, but you can’t correlate that to data collected from other apps nor is there any equivalent in a web-based app (other than plain old cookies).
IAMA scientist who creates such things. So here's my answer to your question: we create this kind of tech to allow law enforcement to identify individuals (in a very broad sense of all these terms), so we can lock them in (this is supposed to be very unsurprising).
If the tech in question is "fingerprint" (real ones, with your fingers), law enforcement is "police" (and not military/counter-terrorism/political) and individual is "criminal", I think pretty much everybody agrees that it is a good thing (you might be tempted to say otherwise, but imagine we're talking about someone you know/love having been assaulted/killed).
Crime happens where people are (e.g. homes, train stations, internet), and criminals use the same tools as we all do (e.g. screwdrivers, cutters, smartphones, etc.). If criminals move, law enforcement must be able to follow them (that's why police officers have powerful cars that exceed speed limits, btw). If the criminals start using smartphones, law enforcement starts using smartphones as a mean to identify/follow/[...] them. Or let them go - but this is something you'll have to explain to your children when they get robbed (or worse).
So, there is nothing new in creating new identification means - it has always happened, and will always do.
Now, the real concern is the way this kind of technology can be misused and abused (e.g. by governments or secret agencies). The question is not new at all, and people from all generations have had to take a stance on this - most of the times, in a democratic, free country, by going for a middle-ground approach (e.g. we collect the DNA of offenders, but are not allowed to keep them more than X years, and an independent supervisor makes sure the data does not leak, etc.)