20:59 GMT26 November 2020
Listen Live
    Tech
    Get short URL
    by
    0 36
    Subscribe

    A novel approach to hacking can allow cybercriminals to exploit biometric identifiers such as voices and faces along with device identifiers to steal information and pinpoint a user's location, it was revealed in a study.

    Devices such as smartphones and internet-of-things (IoT) devices could allow cybercriminals to identify people using a combination of biometric and WiFi MAC addresses, to expose up to 70 percent of device identifiers, according to a new study.

    The study "Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and Devices", was researched by academics from New York University, University of Liverpool, The Chinese University of Hong Kong and University at Buffalo SUNY. Findings were presented at the Web Conference 2020 in Taipei last week.

    "The attacker can be either insider like co-workers who share the same office with victims or outsiders who use their laptops to eavesdrop random victims in a coffee shop. So launching such an attack is not difficult, considering multi-modal IoT devices are very small and can be disguised well, like a spy camera with Wi-Fi sniffing function. All in all, there is little setup effort on the side of the attacker," University of Liverpool assistant professor, Chris Xiaoxuan Lu, told The Hacker News.

    Researchers used a Raspberry Pi with an audio recorder, 8 megapixel camera and WiFi device capable of detecting device IDs on WiFi networks. The experiment determined that such devices could find individuals within a crowd of people.

    Using encryption programmes like virtual private networks (VPNs) can help while working in public spaces, but strong countermeasures were needed, the researchers added.

    "Avoid connecting Wi-Fi to public wireless networks as it leaves your underlying Wi-Fi MAC address exposed. Don't allow multi-modal IoT devices (such as smart doorbell or voice assistants) to monitor you 24/7, because they send data back to third parties with no transparency to you, and they can be easily hacked and can compromise your ID in multiple dimensions," Xiaoxuan Lu said.

    The news comes after a survey conducted in 2019 revealed that 7 out of 10 organisations had reported successful or attempted system breaches to IoT devices, with the survey probing the opinions of 540 IT professionals on network security, revealing that organisations lacked confidence in network security and underestimated insider threats.

    European firms adopting IoT devices has almost reached levels in North America, with 83 percent in the former deploying such tools compared to 85 percent compared to the latter, the survey found.

    Related:

    VIP, Very Intelligent Perpetrator: Man Hacks Airline System to Get Business Class Flights Worth $20k
    Like a FOSS: Ubuntu 20.04 'Focal Fossa' Set for Release as Canonical's Next Open Source Linux Distro
    US Health Agency Hacked Overnight Amid Coronavirus Pandemic - Reports
    Working Remotely? Here's A Few Tips On Keeping Secure And Stable Networks Amid The COVID-19 Lockdown
    Tags:
    technology, scientific study, hackers, hacking tools, hacking, mobile network, networks
    Community standardsDiscussion