Abstract
Fingerprinting mobile devices over a WiFi channel has both positive and negative security implications: on one hand it allows the establishment of physically secure identifications by exploiting physically unclonable characteristics, on the other it jeopardizes privacy by mediating remote identification without user awareness. We are able to distinguish between smartphones within minutes, whenever their clock drifts apart with around one part-per-million, by using innocuous ICMP timestamps. To achieve this, we compute the clock skew of the device with linear programming techniques, a previously known methodology. Our experiments are done on some of the top Android devices on the market and the results show that remote identification is feasible even in the presence of: discontinued connections, clock synchronization, multiple hops or poor network conditions. Since blocking ICMP timestamps is not available by default on Android platforms, as well as editing the drivers is not within reach for average users, it seems that this may be indeed a privacy hole for smartphone users (and may be even worse for the closed-source platforms).
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
