Researchers Use Biometrics and Data from IoT Devices to Identify People
Researchers from the University of Liverpool, New York University, The Chinese University of Hong Kong, and University at Buffalo SUNY figured out a way to de-anonymize the information coming from people’s devices, allowing them to identify people by using both biometric data and device identifiers.
Internet of Things devices emit a lot of data, all the time, but users might think they are safe from attackers snooping around because there are so many devices. The MAC address that a device broadcasts over the air is not enough on its own to identify users, but when it is combined with biometrics, the results can be refined.
According to a Hacker News report, citing a paper named “Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and Devices,” researchers could comprehensively profile victims across multiple dimensions by using different biometrics and device IDs.
“While the exposure of a certain type of physical biometrics or device identity is extensively studied, the compound effect of leakage from both sides remains unknown in multi-modal sensing environments,” reads the paper’s summary.
“In this work, we explore the feasibility of the compound identity leakage across cyber-physical spaces and unveil that co-located smart device IDs (e.g., smartphone MAC addresses) and physical biometrics (e.g., facial/vocal samples) are side channels to each other.”
The study also uses a simple attack as a practical example. The tool was a custom-built device based on a Raspberry Pi, coupled with an 8MP camera, audio recorder, and a Wi-Fi sniffer. By collecting biometric and device data, the researchers were able to positively identify people in groups. The extra dimension needed for the experiment to work was time. The longer the experiment runs, the more accurate the results.
While there aren’t any particular methods that people can use to protect themselves, it would be a good idea not to use public Wi-Fi and not to allow multi-modal IoT devices, like smart cameras or doorbells, to monitor users around the clock.