The security risk most phones have that no one is talking about

If you or your children play games, track your steps or even monitor sleep with a tablet or phone, you could be putting your information at risk.

Researchers at the University of Illinois have discovered some alarming details about phone hardware called an accelerometer, which tracks the movement of a phone needed for some games and apps.

Researchers Sanorita Dey and Nirupam Roy said in a recent Science Daily article that microscopic “imperfections” created when accelerometers are manufactured inadvertently create “fingerprints” that can identify individual devices.

More than that, they can track those individual phones, since accelerometers record movement and transmit the information to a server.

So, in some apps, recording movement information on an accelerometer is like leaving a “real-time fingerprint,” potentially without a user’s knowledge. Because many apps have access to a phone’s accelerometer, this creates a security risk within the phone.

“Any app can share data without consent at any time,” Dey said. “By law, an app cannot share information without a user’s consent.”

Currently, there is no precedent for this kind of sharing, so there is no mandate, according to the Science Daily article.

The team conducted research on separate accelerometers used in many phones, 25 Android devices and some tablets over nine months. While the individual differences between accelerometer chips would take serious, in-depth analysis by a potential identity thief, experiments conducted on the phones found how easily information can be transmitted unintentionally.

Vibrations similar to those that alert a user to a message were counted as movement that the accelerometer is designed to detect.

“Even if you erase the app in the phone, or even erase and reinstall all software,” Roy said in the article, “the fingerprint still stays inherent. That’s a serious threat.”

And piracy of such information from a server wouldn’t be unheard of.

As the business world learned with the Target credit card hack during Black Friday last year, hackers can use any vulnerability to their advantage. In an article by Bloomberg News, although Target stores were prepared for a hack with new malware detection software, hackers still made off with “40 million credit card numbers … and 70 million addresses, phone numbers, and other pieces of personal information.”

Given the number of lawsuits (at least 90, Bloomberg reported) that stemmed from the incident, the technology industry should take note, especially with consumer concern over identity theft at an all-time high.

A study from the Pew Research Center said that 86 percent of Americans took steps “to remove or mask their digital footprints — ranging from clearing cookies to encrypting their email, from avoiding using their name to using virtual networks that mask their Internet protocol (IP) address.”

While this security issue hasn’t been publicly exploited yet, Roy and Dey say they’ve done their job at researchers.

“We try to outsmart hackers,” Roy said. ­­­

So what can consumers do to protect their information? Roy and Dey say the best approach is to research and be careful what kinds of apps and games you use, since not enabling location service may no longer be enough.

Email: chjohnson@deseretnews.com
Twitter: @ChandraMJohnson