This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors.

We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint. Overall, our attack has the following advantages:

The attack can be launched by any website you visit or any app you use on a vulnerable device without requiring any explicit confirmation or consent from you.

The attack takes less than one second to generate a fingerprint.

The attack can generate a globally unique fingerprint for iOS devices.

The calibration fingerprint never changes, even after a factory reset.

The attack provides an effective means to track you as you browse across the web and move between apps on your phone.

* Following our disclosure, Apple has patched this vulnerability in iOS 12.2.