IoT Devices at Risk of Compromising your Digital Identity

Edward G. | April 30, 2020

IoT devices have reinvented both home and office environments. With such high-tech assistants, people discover comfort and accessibility on a whole new level. However, security advocates continue to label the constant connectivity and data sharing as a far-reaching hazard. For an additional layer of security, many IoT devices apply biometric technology to improve identification and access management. In this scenario, another issue pops up. What if the identifiers of devices and the biometric data could further the problem of unsolicited surveillance?

The role of biometric technologies in IoT

Integration of biometric IDs is an approach to keep IoT devices immune to leakages of users’ credentials. One of the most significant drawbacks in the IoT sector is that people rarely update the default passwords. Attackers applaud the decision to keep the original product settings: it makes their job all that easier.

As a result, specialists use biometrics to measure users’ physical characteristics for verifying their identity and granting access. There is a range of options for biometric authentication: voice, facial, and fingerprint recognition. Needless to say, the collection of such biometric data is a delicate matter. While it enhances the access control for IoT environments, it builds an entirely different playground for hackers.

Tracking through device identifiers and biometric data

Specialists from the University of Liverpool, the New York University, the Chinese University of Hong Kong, and the University at Buffalo SUNY have released a joint study. According to the findings, attackers could aim at both identifiers of IoT devices and the biometric data available through them. Since researchers usually focus on these security threats separately, they disregard the possibility of more inclusive attacks.

The basic idea is that a crook could exploit the physical characteristics of users in combination with Wi-Fi MAC addresses of IoT products and smartphones. This combination might contribute to tracking people, extracting valuable information, and pinpointing geo-locations. According to the research, hackers would launch long-term eavesdropping campaigns. Thus, they would use device filtering and cross-modal ID association. As a result, the identification of people in crowded environments would become possible thanks to extensive knowledge of their devices and physical features.

For conducting a real-life experiment, researchers employed a Raspberry Pi device, featuring an audio recorder, an 8MP camera, and a Wi-Fi sniffer. The latter was responsible for digging out the device identifiers. While this experiment used merely a prototype for such an intrusive attack, the investigation revealed some intriguing facts. Researchers successfully de-anonymized more than 70% of the device identifiers and extracted biometric data with 94% accuracy.

How to evade such attacks?

Researchers are yet to come up with a universal cure but recommend following some general cybersecurity tips to stay safe. First of all, hackers could connect to public Wi-Fi spots and be on the lookout for vulnerable users. Secondly, avoid keeping IoT devices online 24/7. The manufacturers of the internet-connected devices could partner with a bunch of third-parties. The lack of transparency and permissions for data exchanges could mean that once a data recipient gets hacked, the invasion compromises your information as well.

Attacks against IoT devices have become a typical pattern for hackers, targeting them in the most unexpected ways. Using a VPN to protect you from the evil forces is one way of keeping your digital identity secure. When you connect to a public Wi-Fi, it is crucial to keep your data transmissions safe. While a VPN won’t make you entirely immune to the aforementioned attack, it will give you a sense of anonymity when browsing in an unfamiliar environment. However, the general rule is to avoid connecting to public Wi-Fi spots as they give hackers easy access to your data and browsing habits.

All in all, the interconnection between objects through the IoT is the modern solution to a range of problems. However, let’s not forget that even the finest high-tech products are not foolproof. As a result, keep an eye out for solutions to transform your devices into impenetrable fortresses.

John C.

Edward G.

Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.