Skip to main content

INFORMING THE UNINFORMED. New Research Reveals Biometrics And Devices Impose The Biggest Cyber Threats Ever.



track biometrics and device identity
Researchers have uncovered a potential means to profile and track online users using a novel approach that combines device identifiers with their biometric information.

The details come from a newly published research titled "Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and Devices" by a group of academics from the University of Liverpool, New York University, The Chinese University of Hong Kong, and University at Buffalo SUNY.

"Prior studies on identity theft only consider the attack goal for a single type of identity, either for device IDs or biometrics," Chris Xiaoxuan Lu, Assistant Professor at the University of Liverpool, told The Hacker News in an email interview. "The missing part, however, is to explore the feasibility of compromising the two types of identities simultaneously and deeply understand their correlation in multi-modal IoT environments."

The researchers presented the findings at the Web Conference 2020 held in Taipei last week.

A Compound Data Leakage Attack.


The identity leakage mechanism builds on the idea of surreptitious eavesdropping of individuals in cyber-physical spaces over extended periods of time.

Deanonymize Device IDs

In a nutshell, the idea is that a bad actor can exploit the uniqueness of individuals' biometric information (faces, voices, etc.) and Wi-Fi MAC Addresses of smartphones and IoT devices to automatically identify people by drawing a spatial-temporal correlation between the two sets of observations.

"The attacker can be either insiders like co-workers who share the same office with victims or outsiders who use their laptops to eavesdrop random victims in a coffee shop," Xiaoxuan Lu said. "So launching such an attack is not difficult, considering multi-modal IoT devices are very small and can be disguised well, like a spy camera with Wi-Fi sniffing function. All in all, there is little setup effort on the side of the attacker."

To mount the attack, the researchers assembled an eavesdropping prototype built on a Raspberry Pi that consisted of an audio recorder, an 8MP camera, and a Wi-Fi sniffer that can capture the device identifiers.

The data collected in this manner not only ascertained that there exists a session attendance similarity between one's physical biometrics and his/her personal device, but they are also unique enough to isolate a specific individual among several people located in the same space.
De-anonymize Devices
The accuracy of the attack, however, can diminish in the event a victim is hidden in a crowd and shares the same or highly similar session attendance pattern with another subject in the — something that's difficult to happen and impractical, according to the researchers.

Possible Mitigation Techniques.


But with billions of IoT devices connected to the internet, the researchers say the compound effect of such a data leakage is a real threat, with the adversary capable of deanonymizing over 70% of the device identifiers.

Obfuscating wireless communications and scanning for hidden microphones or cameras could help to mitigate the cross-modal attack, although they warn there is no good countermeasure yet.

"Avoid connecting Wi-Fi to public wireless networks as it leaves your underlying Wi-Fi MAC address exposed," Xiaoxuan Lu said.

"Don't allow multi-modal IoT devices (such as smart doorbell or voice assistants) to monitor you 24/7, because they send data back to third parties with no transparency to you, and they can be easily hacked and can compromise your ID in multiple dimensions."

THN

#osutayusuf

Comments

Popular posts from this blog

Escaped Murder Suspect Finally Arrested in Yumbe Regional Referral Hospital, Yumbe District.

Story by Osuta Yusuf. 19-November-2024. 📸: Eyotre Kennedy handcuffed on bed while receiving medication this morning at Yumbe Regional Referral Hospital in Yumbe District. Eyotre Kennedy originating from Etoko village, Nyoroo Parish, Nyadri Sub-county in Maracha District who has for many years been terrorizing residents in his village, has finally been arrested this Monday morning 19-November-2024 while receiving treatment at Yumbe Regional Referral Hospital in Yumbe District following injuries he sustained from Theft mission on Saturday night 16-November-2024 in Owapi village, Azapi parish in Odupi Sub-county, Terego East Constituency in Terego District. Click here on the link  https://informationispowah.blogspot.com/2024/11/fugitive-who-chopped-3-people-killed.html   to read the story on his Theft of Goats in Terego. Upon getting cut on the finger and leg by the Mob as he attempted to fight and overpower owner of the goats he attempted to steal on Saturday night ...

41-Years-Old Man Digs His Own Grave in Maracha District.

Story by Osuta Yusuf.  Maracha District.  📸: The grave been dug by Mr Opiga Michael, a victim of frustration. Photo taken by Osuta Yusuf , on Wednesday 11-September-2024. The residents of Ebapi village, Baria Parish in Nyadri Sub-county, Maracha east constituency, Maracha District are in shock after a 41 year old man started digging his own grave. The man, identified as Mr Opiga Michael, who seems to be frustrated over some challenges in life, started digging his own grave on Tuesday 10-September-2024 until he was stopped by the elders in Nyaria clan. 📸: Opiga Michael, the Victim of Frustration. Photo by Osuta Yusuf , Information is Power. While speaking to our reporter on Wednesday evening 11-September-2024, Mr Opiga Michael, said, his main plan  was to commit suicide after finishing digging the grave for burying himself, explained that, he feels frustrated, abandoned and hated by his own clan people, whom he accused of piling lies against him a...

Wedded Ayivu West MP Lematia John Fights Over Another Woman.

  📸: Hon Lematia John. By URN. Police in Arua district are investigating a case of assault and threatening violence involving the Member of Parliament for Ayivu West Constituency John Lematia and James Ariko, a DSTV technician in Arua city. Drama ensued on Easter Sunday 31-3-2024 at Dream Land Hotel located at Kuluva trading center along Arua-Nebbi highway in Arua district when the legislator and the technician engaged in a fight reportedly over a woman identified as Faith Eyotaru 25, a relationship officer at Victoria University Kampala. The scuffle started after Ayivu West Mp John Lematia went to swim at Dreamland Hotel with Faith Eyotaru only to find Ariko, who had gone to the same hotel earlier. However, upon seeing the duo coming out of the vehicle, Ariko confronted Lematia with both men claiming to be having a relationship with the lady. It took the intervention of the staff at the hotel who intervened and separated the fight between the men. Josephine Angucia, the West Nil...