Mobile Websites Can Access Your Phone’s Data Through Its Sensors
Many smartphones contain sensors that can measure how many steps you take, your oxygen levels, and even your heartbeat. These sensors can also help websites with screen orientation. This is when you tilt your phone sideways and the website changes to match your current layout. However, security researchers recently found that mobile websites are also using your device’s sensors to track your phone’s data, and there are no protections in place to help you.
How Mobile Websites Access Your Phone’s Data
Nikita Borisov, a researcher from the University of Illinois at Urbana-Champaign told Wired, “If you use Google Maps in a mobile browser, you’ll get a little popup that says, ‘This website wants to see your location,’ and you can authorize that. But with motion, lighting, and proximity sensors there isn’t any mechanism to notify the user and ask for permission, so they’re being accessed and that is invisible to the user. For this collection of sensors, there isn’t a permissions infrastructure.”
In many cases, this doesn’t present a problem since websites are using access to your phone’s sensors to enhance your experience. It’s also important to keep in mind the website only reads the sensors when you’re on it, so once you leave the website it shuts down the tracking scripts.
At the same time, these permissions, which you don’t have to authorize, could have some risky consequences when in the wrong hands.
The Risks Involved
First, it’s another way for companies to track you. A team of security researchers who discovered this trend found over 1,000 websites use sensor tracking as part of their analytics–this is where they receive information on you broken down into categories such as age, gender, location, length of time spent on the website, how many pages visited, etc.
This discovery somewhat surprised researchers. “I did not expect we would find thousands of sites and hundreds of domains that are engaged in using these sensors or that there’s a link between doing that and other stateless tracking approaches,” Borisov remarked to Wired.
“These are advanced techniques in browser fingerprinting.”
The researchers also found malicious websites could use sensors as a backdoor to try to steal information. One way they accomplish this according to Wired is by using the data for keylogging purposes. This is where they harvest information in an attempt to crack passwords or PIN numbers, and once they have access to those, then they can have a field day.
The other problem is there isn’t much we can do to block these permissions. The researchers noted that ad-blocking software didn’t stop the tracking scripts from working. Essentially, the best approach is to layer your information through the use of firewalls and virtual private networks.
In the meantime, if you have data loss occur due to malicious means we can help. Our team has extensive experience in recovering data. Allows us to put our expertise to work for you by contacting us today.