This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors.
We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint. Overall, our attack has the following advantages:
The attack can be launched by any website you visit or any app you use on a vulnerable device without requiring any explicit confirmation or consent from you.
The attack takes less than one second to generate a fingerprint.
The attack can generate a globally unique fingerprint for iOS devices.
The calibration fingerprint never changes, even after a factory reset.
The attack provides an effective means to track you as you browse across the web and move between apps on your phone.
* Following our disclosure, Apple has patched this vulnerability in iOS 12.2.