The constant war against security dangers with smartphones continues. A new vulnerability discovered by researchers at Cambridge University’s Computer Laboratory makes it possible to fingerprint a smartphone to track and record all its internet activity.

Called SensorID, the vulnerability utilizes the unique coding of the device’s firmware to create a digital ‘fingerprint’ of the phone. This data is particular to each device and is recorded by websites to identify users. This information can then be used to track that device digitally.

Smartphone Fingerprints

The vulnerability in question doesn’t use the fingerprint scanning data on the phone. Instead, it generates a ‘fingerprint’ of the phone’s firmware. Smartphones must be individually tweaked after production to smooth out variations in accelerometers, magnetometers, and others. This coding is unique to each phone and built into the firmware of the device.

Each phone’s fingerprint is unique and easy to access. By marking the fingerprint of the phone, hackers are able to follow the device anywhere it visits. Because the data is linked to the firmware of the phone, hard resets, different browsers, and memory cleaning do nothing to reduce the risk.

Apple and Android

The risk is most problematic for Apple and Android smartphones, which utilize this specific technology. All iPhones and some Android phones have the tracking fingerprint software already embedded.

The researcher team contacted Apple after its discovery. A new software update for iOS 12.2 contains a patch that protects the phone’s fingerprint data, however, users of some Android phones are still at risk.

Wallet Security

The fact that the phone can be tracked over internet sites without issue is concerning. An adept hacker could easily mimic the phone’s fingerprint, allowing for access to a website that was previously unknown.

Furthermore, hackers could easily track the internet activity of a phone and potentially gain access to hot wallets accessed from devices. Wallet security is already a complex issue, and the SensorID vulnerability is more reason for another layer of necessary protection.

Do you think the SensorID vulnerability provides another way for black hat hackers to access crypto wallets? Will the iPhone patch and future Android patches protect users? Let us know your thoughts in the comments below!