This attack and an annoyance that I see on Android from time to time could be easily mitigated if in Chrome if they would simply ship permissioning for access to hardware devices.
There is this annoying popup add that infects the ad networks of a few websites that first smashes the history of the tab and then vibrates your phone and has a page with a bunch of red warning text telling you that you have a virus, your phone is "damaged" and trying to get you to download some crappy virus scamware.
No way in hell a random website should be able to make your phone vibrate without your permission much less tell how its moving with the accelerometer.
I've google around a lot there is NO WAY to disable this :/
Chrome will soon require an SSL cert in order for web services to use the device orientation API, which is a step in the right direction, but ultimately doesn't help in prevention.
There is this annoying popup add that infects the ad networks of a few websites that first smashes the history of the tab and then vibrates your phone and has a page with a bunch of red warning text telling you that you have a virus, your phone is "damaged" and trying to get you to download some crappy virus scamware.
No way in hell a random website should be able to make your phone vibrate without your permission much less tell how its moving with the accelerometer.
I've google around a lot there is NO WAY to disable this :/