DIGITAL LIFE

Hackers can locate victims using their voices and faces, says study

A study by academics from different universities revealed that the task of hackers to take advantage of victims' data is facilitated by their lack of protection.
Devices such as smartphones and Internet of Things (IoT) devices could allow cybercriminals to identify people using a combination of biometric addresses and WiFi MAC and expose up to 70% of device identifiers, according to a new study.
The "Nowhere to Hide: Leakage of Intermodal Identity Between Biometrics and Devices" study ("Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and Devices") was conducted by academics from New York University in the USA, Liverpool University in the United Kingdom, Chinese University of Hong Kong and the State University of New York in Buffalo, USA, and published on the arXiv website.
The findings were presented at the Web Conference 2020 in Taipei, Taiwan, last week.
"The attacker can be either an internal person, or a co-worker who shares the same office with the victims, or external, who use their laptops to listen to random victims in a cafeteria," said Chris Xiaoxuan Lu, assistant professor at the University of Liverpool.
"Therefore, launching such an attack is not difficult, considering that multimodal IoT devices are very small and can be well disguised, such as a spy camera with a Wi-Fi sniffing function. Overall, there is little configuration effort on the server side. attacker, "he reported to The Hacker News.
The researchers used a Raspberry Pi with an audio recorder, eight megapixel camera and Wi-Fi device capable of detecting device IDs on wireless networks. The experiment determined that such devices could find individuals. A hacker published a list of credentials for more than 515,000 servers, home routers and other Internet of Things (IoT) devices online in a popular hacker forum, in what is being reported as the biggest leak of Telnet passwords [Internet functioning protocol] so far.
The use of cryptographic programs such as virtual private networks (VPNs) can help while working in public spaces, but strong countermeasures are needed, the researchers added.
"Avoid connecting Wi-Fi to public wireless networks, as this leaves your underlying Wi-Fi MAC address exposed," warns Xiaoxuan Lu.
"Do not allow multimodal IoT devices (such as a smart bell or voice assistants) to monitor you 24 hours a day, seven days a week, because they send data back to third parties without transparency for you, and they can be easily hacked and can compromise its identification in multiple dimensions ", he said.

Research in the area
A 2019 survey found that seven out of ten organizations had reported successful system breaches or attempts to breach IoT devices.
The survey polled the opinions of 540 network security information technology professionals, revealing that organizations lacked confidence in network security and underestimated internal threats.
So far 83% of European companies have adopted IoT devices. In North America, 85% of companies are using such tools, the survey found. Within a crowd of people.

Ria Novosti