olly - Fotolia
New research claims that a telephone's accelerometer be used to track the device owner. How does this work? Is there anything we can do to prevent the accelerometer from being used as an eavesdropping device?
Traditional telephones don't have an accelerometer or GPS, and the word "smartphone" doesn't fully capture the power and capabilities that people carry in their pocket every day. With this power comes new risks that users should weigh against the benefits.
In order for the accelerometer tracking to work, the attacker first needs to install malware on the target smartphone. This could be both a malicious or a functional app included in a legitimate app from a rogue library. This is similar to a side-channel attack that allows an attacker to track the mobile user. This type of eavesdropping uses machine learning to monitor the path of a phone through a train system. Since the train system is along a fixed path, it can calibrate the attack based on specific points.
Accelerometer tracking prevention is difficult and requires more than putting tape over the camera lens on the smartphone or laptop. It may be impossible to disable all of the different features on a smartphone that can be used to track someone. Not to mention that most users willingly give newly installed apps access to the sensors in the smartphone and increase the risk of tracking even more. The most effective method of preventing the accelerometer from being used by malware to track your users is to prevent the malware from getting installed on the device. Do this by only installing approved apps from authorized app stores and running a security tool -- such as antimalware -- to monitor for malware.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Check out this introduction to mobile device management products for enterprises
Learn about device tracking laws before you decide to keep an eye on users
Find out how to stop phone tracking and GPS data leakage
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading