- From: Michael[tm] Smith <mike@w3.org>
- Date: Tue, 11 Aug 2015 18:20:08 +0900
- To: "Maryam Mehrnezhad (PGR)" <m.mehrnezhad@newcastle.ac.uk>
- Cc: "public-geolocation@w3.org" <public-geolocation@w3.org>
Received on Tuesday, 11 August 2015 09:20:34 UTC
"Maryam Mehrnezhad (PGR)" <m.mehrnezhad@newcastle.ac.uk>, 2015-08-10 13:08 +0000: > Archived-At: <http://www.w3.org/mid/DB5PR07MB09498349940B81103B562379DB700@DB5PR07MB0949.eurprd07.prod.outlook.com> > > Dear Sir/ Madam, > > I am writing to you on behalf of a team of researchers in mobile security from Newcastle University, UK. Based on our recent work, we have identified vulnerabilities in the current privacy/security policies of accessing to mobile orientation and motion sensors via JavaScript codes specified here (http://www.w3.org/TR/orientation-event/). > > The results of our work show that it is possible to infer user's touch actions such as click, scroll, and zoom, as well as his PINs based on the sensor streams accessible through different mainstream mobile browsers. These browsers have implemented this feature according to the W3C device orientation event specification. > > A preliminary version of our work is already published here (http://dl.acm.org/citation.cfm?id=2714650). The detailed version of the paper including attacks on user's PINs will be published soon. > > We would be very happy to provide you with more information in regards to this problem. Is the full text of the paper publicly available somewhere so that we can read it and analyze the claims? -- Michael[tm] Smith https://people.w3.org/mike
Received on Tuesday, 11 August 2015 09:20:34 UTC