Skip to main content

Signals Collection

Signal Sources

A risk signal is an indicator or piece of information that suggests the potential for a problem, threat, or negative outcome.

Signals can originate from HYPR or from a range of external sources.

All HYPR signals and Events are available to Adapt for risk policy evaluation and signal handling.

For more detailed descriptions of HYPR Events, see Event Descriptions.

HYPR Device Signals

Signals sending capability is built into HYPR endpoints:

  • HYPR Mobile App (Android, iOS)

  • HYPR Passwordless (macOS, Windows)

  • Browsers

Note that these are opt-in and must be enabled.

External Signals

External sources may send signals to HYPR in the following ways:

  • The Signals API can be used to send ad-hoc signals, the data from which can then be incorporated into HYPR policy decisions

  • Inbound webhooks can be invoked by external webhooks and will receive signal data

HYPR can also collect signals from external sources:

  • Signal handlers can run on a schedule and pull in signals from third-party APIs

Mobile Device Signals

Feature Comparison

FeatureiOSAndroid
Bluetooth
MacNO ( iOS provides UUID which can change over time ). One should include some information in advertisement data of BLE device to fully support unique device identificationYES
RSSIYESYES
NameYESYES
CharacteristicsYES (after connecting)YES
BondStateYESYES
AdvertismentDataYESYES
txPowerYES ( if peripheral provides that data CBAdvertisementDataTxPowerLevelKey )YES
txPowerLevelYES ( if peripheral provides that data )YES
Motion
ActivityTypeYESYES
ConfidenceYESYES
Telephony
strengthNOYES
identityNOYES
statusNOYES
SignalStrengthNOYES
IdentityNOYES
TypeOfConnectionYES (LTE, 5G other)YES
NameOfProviderYES (Deprecated API)YES
WIFI
nameYesYes
bssidnoYes
rssinoyes

Android

Permissions

HYPR requests permissions at the following occurrences:

  • Camera Permissions when the Mobile App needs to scan a QR code

  • Notifications just after HYPR registers the profile with Firebase Cloud Messaging (FCM) to authenticate

  • When HYPR registers at least one profile that needs signals

The list of requesting permissions depends on the device's OS. Check the table below.

PermissionRuntime ask
service<uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>

<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>		Since TIRAMISU
(API 33 - Android 13)
Send you notifications.
location<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>

<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>		Access this device's location.
telephony - cells<uses-permission android:name="android.permission.READ_PHONE_STATE"/>

<uses-feature android:name="android.hardware.telephony"/>		Make and manage phone calls.
wifi<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />

<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
motion<uses-permission android:name="com.google.android.gms.permission.ACTIVITY_RECOGNITION" />

<uses-permission android:name="android.permission.ACTIVITY_RECOGNITION" />		Since Android Q
(API 29 - Android 10)
Access your physical activity.
bluetooth<uses-permission android:name="android.permission.BLUETOOTH"/>

<uses-permission android:name="android.permission.BLUETOOTH_ADMIN"/>

<uses-permission android:name="android.permission.BLUETOOTH_SCAN" />

<uses-permission android:name="android.permission.BLUETOOTH_CONNECT" />		Since Android S
(API 31 - Android 12)
Find, connect, and determine the relative position of nearby devices.
storage<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" tools:ignore="ScopedStorage" />

<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" tools:ignore="ScopedStorage" />		Before TIRAMISU
(API 33 - Android 13)
Access photos, media, and files on your device.

Bluetooth

HYPR scans Bluetooth devices on demand and receives the following actions:

  • BluetoothDevice.ACTION_FOUND

  • BluetoothAdapter.ACTION_DISCOVERY_STARTED

  • BluetoothAdapter.ACTION_DISCOVERY_FINISHED

HYPR may also receive started and finished scanning actions from other apps.

Bluetooth LE

HYPR collects Bluetooth Low Energy (BLE) signals, registering the application and collecting all neighborhood devices. Longer scanning times may be necessary to compensate for lengthy power-saving intervals that would otherwise prevent a signal from being detected.

Motion

HYPR captures Activity motion signals every 5 seconds; Transition and Sleep motion signals are not captured. Activity is identified by the type attribute by a number from 1 to 7, as shown below:

  • 1: IN_VEHICLE or ON_BICYCLE
  • 2: ON_FOOT
  • 3: STILL
  • 4: UNKNOWN
  • 5: TILTING
  • 6: WALKING
  • 7: RUNNING

Telephony

These signals carry information about the telephony network around the user. Received information depends on the kind of network that is connected.

  • NONE: There is no connected telephony network
  • PRIMARY_SERVING: The main cell tower to which the mobile device is connected
  • SECONDARY_SERVING: Additional connected radio receivers assisting the Primary
  • UNKNOWN: Unable to be determined

WiFi

Wireless signals generated when HYPR interprets device scanning results after a QR code is scanned.

  • ssid: Service set identifier; the network name
  • bssis: Basic service set identifier; the MAC address of the access point
  • rssi: Received signal strength indicator; how strong the wireless signal is

Location

HYPR ingests Location-based events from different providers:

  • gps: Global positioning system; this signal is the most accurate

  • network: Based on cellId or local networks

  • fused: Uses the best available information accoding to defined criteria

  • passive: Retrieve data when any other application uses any location provider

Additional data is included, such as vertical and horizontal accuracy, speed, and longitude/latitude coordinates.

HYPR can determine how frequently this signal is checked and extrapolate how far the user has traveled during the assigned interval.

For an example of all signals collected by Adapt, see the All Signals Example.

Enabling Signals Collection

Adapt can be configured to send Signals at different times:

  • At the start of an authentication request

  • After the Mobile App is foregrounded (a 10-second delay occurs while HYPR refreshes relevant data)

iOS

Bluetooth Sampling

Core Bluetooth works with the concept of a central device (your iOS app) and peripheral devices (BLE devices you want to communicate with). HYPR connects with and discovers the services and characteristics of the device, then communicates with it to send and receive signal data.

WiFi

iOS apps do not have access to read detailed WiFi network information, including SSID, BSSID, signal strength, and other network-specific details, for networks other than the one the device is currently connected to.

Motion Manager

Signals motion-related activity data for the purpose of tracking various physical activities performed by the user (walking, running, biking/in a vehicle, etc.).

Significant Location Changes

Receive location updates when the user's device moves a significant distance, even if the Mobile App is in the background or terminated.

Significant location updates are designed to conserve battery life, so they might not be delivered immediately or as frequently as standard location updates. These updates are based on cell tower changes and other factors that indicate significant movement.

Telephony

The Apple API used to collect network telephony information was deprecated as of iOS 16. If it is used, it only provides the network name (SSID).

Enabling Signals Collection

Adapt can be configured to send Signals at different times:

  • At the start of an authentication request

  • After the Mobile App is foregrounded (a 10-second delay occurs while HYPR refreshes relevant data) or backgrounded

Workstation Signals

Signals from the HYPR Passwordless client are the same on both operating systems (macOS and Windows).

To collect signal data from a workstation, the following settings must be enabled

  • Location settings for the Passwordless client; this may require additional enablement of the 'Desktop Apps' group

  • The feature to send workstation signals; contact HYPR Support to have it turned on

  • If you want to collect signals when the workstation is unlocked using HYPR, this also must be enabled; contact HYPR Support to have this feature enabled

The data collected includes the following:

  • Location information

  • System information

    • Host information

    • Bluetooth information

    • Network information

    • WiFi information

The default interval between signals collection is 3600 seconds, or 1 hour; collection also occurs when a new notification is sent. If this value is changed, the HyprOneService must be restarted.

If Signal data collection during workstation unlock is Enabled, the payload will be embedded into the UNLOCK event's payload as a value of the top-level workstationSignal key.

If collection during workstation unlock is Disabled, signal data will be sent to the wsapi/signal endpoint; it will be similar to the example shown here:

{
  "rpAppId": "HYPRDefaultWorkstationApplication",
  "machineId": "d62849f8-cab3-4173-a7a7-8936c3d0e3eb",
  "machineUserNames": [
    "XRAY-tu9"
  ],
  "data": {
    "machine": {
        "osVersion": "22H2 (OS Build 22621)",
        "hyprVersion": "9.2.0"
    },
    "location": {
        "locationServicesEnabled": true,
        "permissionLevel": "PRECISE",
        "accuracy": "77",
        "longitude": "148.233",
        "latitude": "-64.0987",
        "gpsTimestamp": "135983209132"
    },
    "system": {
        "osVersion": "22H2 (OS Build 22621)",
        "hyprVersion": "8.7.0",
        "tpmEnabled": false,
        "tpmRevisionNumber": "1.16",
        "virtualizationBasedSecurityEnabled": false,
        "secureBootEnabled": false,
        "credentialGuardEnabled": false,
        "memoryIntegrityEnabled": false,
        "systemGuardEnabled": false,
        "biosSerialNumber": "R90X1JJ1",
        "windowsSerialNumber": "00330-52462-18947-AAOEM",
        "crowdstrikeAID": "3B11AB0B5B464BF2B726BB905F392FAB"  
    },
    "networks": [
        {
            "name": "Ethernet 3",
            "description": "TAP-Windows Adapter V9",
            "type": "ETHERNET",
            "ipAddresses": "fe80::9fef:e840:869f:433b%23,192.168.229.47"
        },
        {
            "name": "VMware Network Adapter VMnet1",
            "description": "VMware Virtual Ethernet Adapter for VMnet1",
            "type": "ETHERNET",
            "ipAddresses": "fe80::b690:20d8:66c2:401c%20,192.168.64.1"
        },
        {
            "name": "VMware Network Adapter VMnet8",
            "description": "VMware Virtual Ethernet Adapter for VMnet8",
            "type": "ETHERNET",
            "ipAddresses": "fe80::222d:4aeb:e5b:2968%21,192.168.114.1"
        },
        {
            "name": "Wi-Fi",
            "description": "Intel(R) Wi-Fi 6 AX200 160MHz",
            "type": "WIFI",
            "ipAddresses": "fe80::78a4:6ecc:8d6f:82f8%3,192.168.1.197"
        },
    "wifi": [
        {
            "ssid": "L1",
            "signalStrength": 91,
            "isConnected": true,
            "hasProfile": true
        },
        {
            "ssid": "L4",
            "signalStrength": 72,
            "isConnected": false,
            "hasProfile": true
        },
        {
            "ssid": "FIOS-LU3LI-5G2",
            "signalStrength": 22,
            "isConnected": false,
            "hasProfile": false
        },
        {
            "ssid": "FIOS-LU3LI-5G",
            "signalStrength": 32,
            "isConnected": false,
            "hasProfile": false
        },
    ],
    "bluetooth": [
        {
            "devName": "Bose QC45",
            "isConnected": false,
            "isRemembered": true,
            "isAuthenticated": true,
            "lastSeen": "11/25/2023 3:53:47 AM",
            "lastUsed": "11/10/2023 11:00:06 PM"
        },
        {
            "devName": "Avantree Audition",
            "isConnected": false,
            "isRemembered": true,
            "isAuthenticated": true,
            "lastSeen": "11/25/2023 3:53:47 AM",
            "lastUsed": "11/12/2023 1:27:08 PM"
        }
    ]        
  }
}

Browser Signals

The combined signals from a Browser comprise a fingerprint. The previous fingerprint is computed on the server using SHA256; submitted fingerprints are independently hashed - also using SHA256. Fuzzy hashing is then used to determine the viability of the submitted fingerprint compared to the server fingerprint.

HYPR collects the following Stable Fingerprint Model attributes to compile the browser fingerprint.

  • canvas2d
  • canvasWebgl: Includes GPU information and supported Webgl extensions
  • css: Includes MimeTypes
  • cssMedia
  • fonts
  • media
  • navigator: Device specific details, BLE support, system, platform, device, device memory, hardware concurrency, and user agent data
  • offlineAudioContext: Include audio device information
  • screen
  • timezone
  • workerScope: Confirms through a web service worker navigator, timezone, and webgl data

HYPR also collects the Loose Fingerprint Model, which extends the Stable Fingerprint Model with the following components:

  • capturedErrors
  • clientRects
  • consoleErrors
  • features
  • headless: Detect if browser is operating in a headless mode, i.e., Selenium
  • htmlElementVersion: Measures html element support
  • intl: International locale information
  • lies
  • maths: Measures support for various math functions
  • resistance: Measures privacy functions enabled in Browser or OS
  • svg: Measures svg rendering
  • trash
  • voices: Measures SpeechSynthesis (Text-to-Speech) and SpeechRecognition (Asynchronous Speech Recognition)
  • windowFeatures: Measures supported Windows features

HYPR does not collect viewport size, performance, and network speed due to the unstable variability of these attributes.

Geolocation Data

Geolocation data is treated separately and not included in the browser fingerprint. The browser must allow Location Services for geolocation to be captured; otherwise the geolocation result will return "Geolocation is not supported by this browser."

The Geolocation model includes the following attributes:

  • GelocationPosition
  • GeolocationCoordinates
  • Accuracy
  • Altitude
  • AltitudeAccuracy
  • Heading
  • Latitude
  • Longitude
  • Speed
  • Timestamp