New Report Shows How Sensors Data Can Be Exposed by Mobile Sites

Mobile Websites Can Be Abused auf sensible Sensoren Data Leak

Ein Team von Sicherheitsexperten hat aufgedeckt, dass mobile Websites missbraucht werden können empfindliche Sensoren Daten lecken. Der Bericht mit dem Titel “Die sechste Web-Sense” zeigt die Auswirkungen auf den Datenschutz und wie genau kann dies durch böswillige Benutzer verwendet werden,.

Mobile Sites Can Expose Smartphone Sensors Data

Mobile sites can be abused to infect devices users using various ways — dangerous web elements, virus download scripts and cryptocurrency miners, but a new report sheds light on a new strategy. According to a team of security experts and their recently published paper called “Die sechste Web-Sense” the sites can be used to leak sensors data.

The web browsers on both Android and iOS require that the appropriate permissions for accessing sensors data is granted, this functionality is used to rotate the screen when the device is turned and for example. What’s more interesting is that they also allow developers access to the raw sensors data. This turns out to be a problematic area as various sites take advantage of this fact. A look at the top 100 000 sites as ranked by Alexa shows that insgesamt 3695 of them incorporate web sites scripts that in some way “tippen” the sensors data.

One of the most popular cases is the one associated with Google Maps usage — if it is opened in a web browser window it will request location data access. When granted this will additionally allow other sensors data to be collected — motion, lighting, proximity and etc for which there is no specific mechanism for notifying users or asking for their collection. In reality their collection is invisible to the users.

ähnliche Geschichte: iOS Apps Verpackt mit Standortdaten Monetisierung-Code

Malicious users can make use of such data in various scenarios — the ambient light detection may be used to check for web browsing habits while the motion sensors data can deduce PIN number entry and other user activities. The researchers deduce in their paper that if not fixed hackers can developer other mechanisms as well. They looked at nine browsers and analyzed how they handle sensors data: Rand, Safari, Firefox, Mutig, Focus, Chrom, UC Browser and Opera Mini. The data shows that only the mobile version of Firefox request additional permissions to access the light and proximity sensors. What’s more interesting is the fact that most of the popular tracking and ad blockers didn’t reliably block the scripts that request sensors data.

For more information on the topic you can read the whole Papier-.


Martin Beltov

Martin hat einen Abschluss in Publishing von der Universität Sofia. er schreibt gerne über die neuesten Bedrohungen und Mechanismen des Eindringens Als Cyber-Security-Enthusiasten.

Mehr Beiträge - Webseite

Folge mir:
ZwitschernGoogle plus

Schreibe einen Kommentar

Ihre E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind markiert *

Frist ist erschöpft. Bitte laden CAPTCHA.

Auf Facebook teilen Teilen
Loading ...
Empfehlen über Twitter Tweet
Loading ...
Share on Google Plus Teilen
Loading ...
Share on Linkedin Teilen
Loading ...
Empfehlen über Digg Teilen
Teilen auf Reddit Teilen
Loading ...
Empfehlen über Stumbleupon Teilen
Loading ...