QIF-T0088

high

Gait biometric identification (IMU-based walking pattern fingerprint for persistent tracking)

Tier 2 — Validated (Independently Replicated)

Legacy status: CONFIRMED

Every person has a unique gait signature determined by limb length ratios, joint flexibility, muscle strength distribution, and neurological motor control patterns. Smartphone IMU sensors (accelerometer + gyroscope) carried in a pocket capture this signature with high fidelity — Muaaz & Mayrhofer (2017) achieved >95% identification accuracy across 175 subjects. The gait signature is: (1) difficult to spoof (requires altering unconscious motor patterns), (2) captured passively (phone in pocket during normal walking), (3) persistent across sessions and devices, and (4) capturable without any explicit permission. Gait biometrics enable persistent user tracking even when other identifiers (cookies, device IDs, face) are unavailable. Combined with T0089 (neurological profiling), gait data also reveals health conditions affecting motor control.

Technique Details

Tactic: QIF-S.FP
Status: CONFIRMED
Bands: S1, S2, S3

✚ Therapeutic Application

Smartphone IMU sensors capture unique walking patterns determined by biomechanics and neurological motor control; ML models fingerprint individuals for persistent tracking

Clinical Analog

Gait analysis for rehabilitation and neurological monitoring

Treats

Parkinson's disease gait monitoring
fall risk assessment in elderly
post-stroke rehabilitation tracking
orthopedic recovery monitoring

Neural Impact

3 of 7 neural bands affected

S1 S2 S3

Drag to rotate. Click a region to learn more.

Click or hover over a glowing region to see the attack techniques targeting it and their severity.

Scoring

NISS v1.1 NISS:1.1/BI:N/CR:N/CD:N/CV:I/RV:F/NP:N

CVSS v4.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

2.0Low

Governance

Neurorights at Risk

This technique threatens 2 of the 4 proposed neurorights (Ienca & Andorno, 2017).

MP Mental Privacy DI DI

Consent Complexity

0.48 / 4.0

FDORA §3305 Compliance

Cyber Device

Regulatory Coverage

0.5 / 1.0

524B Requirements

TM VA SBOM SA PM

Regulatory Gaps

! CVSS partially captures risk; neural dimensions missing
! No FDA pathway for consumer sensor exploitation

Population Vulnerability

CRB vulnerability adjustment (γ=0.30) accounts for age, diagnosis severity, consent capacity, and device dependency.

Population	NISS Base	Adjusted	Severity	Delta
Adult (Default)	2.0	2.0	Low	-
Child (10yr) + ADHD	2.0	2.4	Low	+0.35
Adult with ALS	2.0	2.3	Low	+0.32

Validation Status

Theoretical / Not yet validated. This technique has not been independently tested. See the validation dashboard for what has been tested.

Qinnovate Neural Security Atlas Edit this on GitHub