Researchers have uncovered a potential means to profile and track online users using a novel approach that combines device identifiers with their biometric information.
The details come from a newly published research titled “Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and Devices” by a group of academics from the University of Liverpool, New York University, The Chinese University of Hong Kong, and University at Buffalo SUNY.
“Prior studies on identity theft only consider the attack goal for a single type of identity, either for device IDs or biometrics,” Chris Xiaoxuan Lu, Assistant Professor at the University of Liverpool, told The Hacker News in an email interview. “The missing part, however, is to explore the feasibility of compromising the two types of identities simultaneously and deeply understand their correlation in multi-modal IoT environments.”
The researchers presented the findings at the Web Conference 2020 held in Taipei last week. The prototype and the associated code can be accessed here.
A Compound Data Leakage Attack
The identity leakage mechanism builds on the idea of surreptitious eavesdropping of individuals in cyber-physical spaces…