A novel approach to hacking can allow cybercriminals to exploit biometric identifiers such as voices and faces along with device identifiers to steal information and pinpoint a user’s location, it was revealed in a study.
Devices such as smartphones and internet-of-things (IoT) devices could allow cybercriminals to identify people using a combination of biometric and WiFi MAC addresses, to expose up to 70 percent of device identifiers, according to a new study.
The study “Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and Devices”, was researched by academics from New York University, University of Liverpool, The Chinese University of Hong Kong and University at Buffalo SUNY. Findings were presented at the Web Conference 2020 in Taipei last week.
“The attacker can be either insider like co-workers who share the same office with victims or outsiders who use their laptops to eavesdrop random victims in a coffee shop. So launching such an attack is not difficult, considering multi-modal IoT devices are very small and can be disguised well, like a spy camera with Wi-Fi sniffing function. All in all, there is little setup effort on the side of the attacker,” University of Liverpool assistant professor, Chris Xiaoxuan Lu, told The Hacker News.
Researchers used a Raspberry Pi with an audio recorder, 8 megapixel camera and WiFi device capable of detecting device IDs on WiFi networks. The experiment determined that such devices could find individuals within a crowd of people.
Using encryption programmes like virtual private networks (VPNs) can help while working in public spaces, but strong countermeasures were needed, the researchers added.
The news comes after a survey conducted in 2019 revealed that 7 out of 10 organisations had reported successful or attempted system breaches to IoT devices, with the survey probing the opinions of 540 IT professionals on network security, revealing that organisations lacked confidence in network security and underestimated insider threats.
European firms adopting IoT devices has almost reached levels in North America, with 83 percent in the former deploying such tools compared to 85 percent compared to the latter, the survey found.