What's the best way to prevent accelerometer tracking?

New research claims that a telephone's accelerometer be used to track the device owner. How does this work? Is there anything we can do to prevent the accelerometer from being used as an eavesdropping device?

Traditional telephones don't have an accelerometer or GPS, and the word "smartphone" doesn't fully capture the power and capabilities that people carry in their pocket every day. With this power comes new risks that users should weigh against the benefits.

In order for the accelerometer tracking to work, the attacker first needs to install malware on the target smartphone. This could be both a malicious or a functional app included in a legitimate app from a rogue library. This is similar to a side-channel attack that allows an attacker to track the mobile user. This type of eavesdropping uses machine learning to monitor the path of a phone through a train system. Since the train system is along a fixed path, it can calibrate the attack based on specific points.

Accelerometer tracking prevention is difficult and requires more than putting tape over the camera lens on the smartphone or laptop. It may be impossible to disable all of the different features on a smartphone that can be used to track someone. Not to mention that most users willingly give newly installed apps access to the sensors in the smartphone and increase the risk of tracking even more. The most effective method of preventing the accelerometer from being used by malware to track your users is to prevent the malware from getting installed on the device. Do this by only installing approved apps from authorized app stores and running a security tool -- such as antimalware -- to monitor for malware.

Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)