Cross-Modal Leakage – IoT Devices

This post is also available in: עברית (Hebrew)

The growing number of smart IoT devices could be a threat to privacy. A new privacy threat from IoT devices such as smartphones, smart doorbells and voice assistants allows cyber attackers to access and combine device identification and biometric information.

A study by computer scientists at the University of Liverpool has revealed that identity leakages from different devices allow cyber attackers to correlate device IDs and biometric information to profile users in both cyber and physical domains, posing a significant online privacy and security threat.

Using over 30,000 biometric samples, computer scientists were able to de-anonymize over 70 percent device IDs (e.g. smartphone MAC addresses) and harvest the biometric information (facial images or voices) of device users with 94 percent accuracy.

This is the first time a new privacy issue of cross-modal identity leakage has been observed revealing an unprecedented threat in environments with multiple different sensors.

Dr Chris Xiaoxuan Lu, with the University of Liverpool’s Department of Computer Science who led the study, said the study unveils a compound identity leak from the combined side channels between human biometrics and device identities.

The research team is now working with the IT law researchers to scope out new policies for IoT manufacturers. Meanwhile on the technology side, they are also investigating how to effectively detect hidden electronic devices (e.g., spy cameras and microphones) with consumer smartphones, according to homelandsecuritynewswire.com.