CampusLive Rebrands as Dailybreak, With $5 Million In New Funding And A New CEO Could Cloud Gaming Kill The Next-Generation Video Game Console? Was Ebay''s BillMeLater Acquisition A Huge Blunder? Facebook: No Chat For You Sony''s Crackle going to try its hand at original online content Facebook''s Project Palantir: Beautiful Visualization Of People Connecting Google SearchWiki Is Back. Here''s How To Kill It For Good. The Best This Kid Can Hope For Is A Takedown Demand Check Out Diggnation Today In BitGravity''s Multiview A Small Data Glitch At Facebook BitGravity Testing New "Multiview" Product; This Is How I Want To Watch Sports Yahoo Continues To Embrace This Openness Thing. Ebay Widget On Yahoo Home Page Kleiner Perkins, Salesforce, Put $10.5M In Supply Chain Management Platform Kenandy Mobile Ad Network Millennial Media Saw Nearly $50 Million In Revenue In 2010 The Jig Is Up: Delicious Founder''s Tasty Labs Debuts Q&A Meets Problem Solving Platform Local Business Reviews Site Angie''s List Files For $75 Million IPO Pandora Posts Record Revenue Of $67M In First Quarter As A Public Company Accel Puts Over $30M In Digital Marketing Platform For The Auto Industry Dealer.com Spotted: Uber Testing Its Disruptive Car Service In Chicago Skype Launches Third-Party App Directory Intuit Partners With Verizon Wireless To Sell Square-Competitor GoPayment At Retail Stores Apple''s COO Tim Cook Replaces Steve Jobs As CEO Mobile Payments Company Boku Expands Direct Carrier Billing Deals In France Social Enterprise Company Jive Files For $100M IPO; 2010 Revenue Was $46M Zillow''s Q2: Revenues Up 116 Percent To A Record $15.8M, Hits Profitability Lunch Money Debuts Monetization Platform For Mobile App Game Developers Pixable Adds Twitter To Intelligent Social Photo And Video Aggregator Use Yammer Connect To Integrate Log-Ins And Feeds Into Third-Party Applications Sequoia-Backed Inkling Updates iPad E-Textbook Platform With Collaborative Study Groups And More Millennial: Android Tops iOS For The Eighth Month With 61 Percent Of Mobile Ad Impressions In July Metaswitch Networks acquires Colibria to help operators turn up the heat in mobile messaging Online travel company Oktogo.ru raises $5m Mobile ad network madvertise puts down roots in UK, Spain and Italy HouseTrip raises $2.7m from Index Ventures, relaunches today Tech City Launchpad - £1m in match-funding for startups in Silicon Roundabout Two is better than one? Bigpoint appoints co-CEO Online pawn broker Borro raises £7.5m led by Augmentum Capital Email ad network ividence raises $4.2 million in Series A Diagnosia aims to make medicine information easier to swallow Photocollect offers a way to create photo and video albums around events Social recruitment site Bright Network secures £300k in Angel funding BaseKit raises a further $6.5m for its website creation service Can I get a receipt for that? Plendi secures €50k seed investment from Enterprise Ireland Collective buys online video ad network Web TV Enterprise MobiCart secures $500k seed round 7digital bags new Radiohead album as a download exclusive Utopic finds an Angel in Skype chief technical architect Ahti Heinla Finally! Vouchercloud brings its local discounts to Android Europe''s Wooga moves up the social gaming leader-board but Silicon Valley dominates Wuala brings its secure P2P online storage to iPhone
漂流瓶终于彻底拜拜 微信7.0.4新版体验
微信漂流瓶被玩坏了 聊聊漂流瓶里那些事
微信关闭漂流瓶 它曾经满足了我们对世界的好奇
微信暂停漂流瓶功能:对色情内容零容忍
[视频]惠普Chromebook x360 14 G1评测:搭载Chrome OS的商务变形本
特斯拉:北京客户可三年免息融资购车并免费租赁车牌
借贷宝:停止催收百名裸条女大学生 未满23岁将不得借贷
京东白条多地频现盗刷 消费者遭催收公司“逼债”
借款野蛮催收行为将被规范 真是几家欢喜几家愁
为规范网贷催收 上海互金协会发行业倡议书
腾讯解释为什么微信没有夜间模式 真相你相信吗?
一张发行8年的微信唱片:只收录了4首歌曲


漂流瓶终于彻底拜拜 微信7.0.4新版体验
微信漂流瓶被玩坏了 聊聊漂流瓶里那些事
微信关闭漂流瓶 它曾经满足了我们对世界的好奇
微信暂停漂流瓶功能:对色情内容零容忍
[视频]惠普Chromebook x360 14 G1评测:搭载Chrome OS的商务变形本
特斯拉:北京客户可三年免息融资购车并免费租赁车牌
借贷宝:停止催收百名裸条女大学生 未满23岁将不得借贷
京东白条多地频现盗刷 消费者遭催收公司“逼债”
借款野蛮催收行为将被规范 真是几家欢喜几家愁
为规范网贷催收 上海互金协会发行业倡议书
腾讯解释为什么微信没有夜间模式 真相你相信吗?
一张发行8年的微信唱片:只收录了4首歌曲


一指纹识别技术漏洞曝光:可跟踪Android和iOS设备

当前位置: 艾金森 > 门户 > 新闻

点击量 5
编辑: 1   作者: cnbeta   时间: 2019/05/23 09:06/00  

据美国科技媒体ZDNet报道,一项新的设备指纹识别技术可以使用出厂时设置的详细传感器校准信息,跟踪互联网上的Android和iOS设备,任何应用或网站都可以在没有特殊权限的情况下获取这些信息。这种新技术称为校准指纹识别攻击或SensorID,它通过使用iOS上的陀螺仪和磁力计传感器的校准细节来实现;也可以使用Android设备上的加速度计、陀螺仪和磁力计传感器的校准细节。

(题图 via ZDNet)

根据英国剑桥大学的一个学术团队的说法,SensorID对iOS设备的影响大于对Android设备的影响。

原因是苹果喜欢在其工厂生产线上校准iPhone和iPad传感器,但却只有少数Android供应商通过这一过程来提高智能手机传感器的准确性。

研究小组在昨天发表的一份研究报告中说:“我们的方法是通过仔细分析来自传感器的数据,这无需对网站和应用程序提供任何特殊许可即可访问。”

“我们的分析推断出制造商嵌入到智能手机固件中的每个设备的工厂校准数据,他们通过这种方法来补偿系统制造失误。”研究人员说。

然后,该校准数据可以当做指纹,产生唯一标识符,广告或分析公司可以使用该标识符来跟踪用户的上网情况。

SensorID - Sensor Calibration Fingerprinting for iOS Devices(via)

此外,由于校准传感器指纹在使用应用程序或网站提取时都是相同的,因此该技术还可用于跟踪用户在浏览器和第三方应用程序之间的切换,允许分析公司全面了解用户的设备使用情况。

“提取校准数据通常需要不到一秒的时间,并且不依赖于设备的位置或方向。”研究人员说,“我们还尝试在不同位置和不同温度下测量传感器数据,我们确认这些因素也不会改变SensorID。”

即使在重置出厂设置之后,传感器校准指纹也永远不会改变,从而允许跟踪实体把访问标识符作为不变的唯一IMEI码。

此外,由于无需获取特殊权限,因此用户无法察觉这种类型的跟踪。

发现这种新跟踪载体的三人研究小组表示,他们分别于2018年8月和2018年12月通知了苹果和谷歌。

苹果在今年3月发布iOS 12.2修补了这个问题。但谷歌只告诉研究人员他们会展开调查。之所以出现这种情况,很可能是因为iOS设备比Android智能手机更容易受到这种类型的跟踪。