Researchers have uncovered a potential means to profile and track online users using a novel approach that combines device identifiers with their biometric information.
The details come from a newly published research titled “Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and Devices” by a group of academics from the University of Liverpool, New York University, The Chinese University of Hong Kong, and University at Buffalo SUNY.
The identity leakage mechanism builds on the idea of surreptitious eavesdropping of individuals in cyber-physical spaces over extended periods of time.
Possible Mitigation Techniques
But with billions of IoT devices connected to the internet, the researchers say the compound effect of such a data leakage is a real threat, with the adversary capable of deanonymizing over 70% of the device identifiers.
Obfuscating wireless communications and scanning for hidden microphones or cameras could help to mitigate the cross-modal attack, although they warn there is no good countermeasure yet.
“Avoid connecting Wi-Fi to public wireless networks as it leaves your underlying Wi-Fi MAC address exposed,” Xiaoxuan Lu said.
“Don’t allow multi-modal IoT devices (such as smart doorbell or voice assistants) to monitor you 24/7, because they send data back to third parties with no transparency to you, and they can be easily hacked and can compromise your ID in multiple dimensions.”
Source: THN