Devices such as smartphones and internet-of-things (IoT) devices could allow cybercriminals to identify people using a combination of biometric and WiFi MAC addresses, to expose up to 70 percent of device identifiers, according to a new study.
The study "Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and Devices", was researched by academics from New York University, University of Liverpool, The Chinese University of Hong Kong and University at Buffalo SUNY. Findings were presented at the Web Conference 2020 in Taipei last week.
— Sophia McCavanaugh (@SMcCavanaugh) April 28, 2020
"The attacker can be either insider like co-workers who share the same office with victims or outsiders who use their laptops to eavesdrop random victims in a coffee shop. So launching such an attack is not difficult, considering multi-modal IoT devices are very small and can be disguised well, like a spy camera with Wi-Fi sniffing function. All in all, there is little setup effort on the side of the attacker," University of Liverpool assistant professor, Chris Xiaoxuan Lu, told The Hacker News.
Researchers used a Raspberry Pi with an audio recorder, 8 megapixel camera and WiFi device capable of detecting device IDs on WiFi networks. The experiment determined that such devices could find individuals within a crowd of people.
— Norton (@Norton) January 22, 2020
Using encryption programmes like virtual private networks (VPNs) can help while working in public spaces, but strong countermeasures were needed, the researchers added.
"Avoid connecting Wi-Fi to public wireless networks as it leaves your underlying Wi-Fi MAC address exposed. Don't allow multi-modal IoT devices (such as smart doorbell or voice assistants) to monitor you 24/7, because they send data back to third parties with no transparency to you, and they can be easily hacked and can compromise your ID in multiple dimensions," Xiaoxuan Lu said.
The news comes after a survey conducted in 2019 revealed that 7 out of 10 organisations had reported successful or attempted system breaches to IoT devices, with the survey probing the opinions of 540 IT professionals on network security, revealing that organisations lacked confidence in network security and underestimated insider threats.
European firms adopting IoT devices has almost reached levels in North America, with 83 percent in the former deploying such tools compared to 85 percent compared to the latter, the survey found.