Wenyuan Xu received her B.S. degree in electrical engineering with the highest honor from Zhejiang University in 1998, an M.S. degree in computer science and engineering from Zhejiang University in 2001, and the Ph.D. degree in electrical and computer engineering from Rutgers University in 2007. She is a professor in the college of Electrical Engineering, Zhejiang University, and an associate professor in the Department of Computer Science and Engineering, University of South Carolina. Her research interests include wireless networking, network security and privacy. Dr. Xu is a co-author of the book Securing Emerging Wireless Systems: Lower-layer Approaches, Springer, 2009. She received the United State NSF Career Award in 2009 and was selected as the 1000 Young talents of China in 2012. She has served on the technical program committees for several IEEE/ACM conferences on wireless networking and security, and she currently serves as the associate editor of EURASIP Journal on Information Security, Ad Hoc & Sensor Wireless Networks (AHSWN).
[Abstract] As mobile begins to overtake the fixed Internet access, ad networks have aggressively sought methods to track users on their mobile devices. While existing countermeasures and regulation focus on thwarting cookies and various device IDs, this talk submits a hypothesis that smartphone/tablet accelerometers possess unique fingerprints, which can be exploited for tracking users. We believe that the fingerprints arise from hardware imperfections during the sensor manufacturing process, causing every sensor chip to respond differently to the same motion stimulus. The differences in responses are subtle enough that they do not affect most of the higher level functions computed on them. Nonetheless, upon close inspection, these fingerprints emerge with consistency, and can even be somewhat independent of the stimulus that generates them. Utilizing accelerometer fingerprints, a crowd-sourcing application running in the cloud could segregate sensor data for each device, making it easy to track a user over space and time. Such attacks are almost trivial to launch, while simple solutions may not be adequate to counteract them.