Your Phone's Sensor can be used to track you without your Permission using calibration fingerprinting attack, Says new study

Whether you are using iOS or Android device, you can be tracked without your permission according to the recent paper published by IEEE Security team.

Called Calibration Fingerprinting attack, this new type of attack can be executed with just the help of sensors like gyroscope and accelerometer found on your mobile. And they successfully overcame the problem of device not being stationary too.

Researchers says, your phone's sensors can be easily accessed, when you visit a website using java script and with the help of a native app and that is because it doesn't require any special permissions to access sensors despite several security features included in Android and iOS to prevent device fingerprinting. 

A calibration fingerprinting attack infers the predevice factory calibration data from a device by careful analysis of the sensor output alone. Such an attack does not require direct access to any calibration parameters since these are often embedded inside the firmware of the device and are not
directly accessible by application developers. We demonstrate the potential of this new class of attack by performing calibration fingerprinting attacks on the inertial measurement unit sensors found in iOS and Android devices.
Natural variation during the manufacture of embedded sensors means that the output of each sensor is unique and therefore they may be exploited to create a device fingerprint, explains the post.

They demonstrated the attack by generating GyroID for the device (which they accomplish for iOS using code written in swift) and even if there is any shake during the process of generation, it will analyse another 100 raw sample data, and if needed another 100 until it succeeds, and to complete all this data process requires just 0.01 Seconds explains the POC.

This new study shows how we are vulnerable to latest technologies, and explains the need for improvised security.

You can read this complete paper here.