CSE Building University of Washington Computer Science & Engineering
 UW CSE | Security and Privacy Research | Devices That Tell On You
  CSE Home   About Us    Search    Contact Info 

Devices That Tell On You: Privacy Trends in Consumer Ubiquitous Computing.
16th USENIX Security Symposium 2007.
T. Scott Saponas, Jonathan Lester, Carl Hartung, Sameer Agarwal, and Tadayoshi Kohno.
Available here: PDF.

Abstract:

We analyze three new consumer electronic gadgets in order to gauge the privacy and security trends in mass-market UbiComp devices.

Our study of the Slingbox Pro uncovers a new information leakage vector for encrypted streaming multimedia. By exploiting properties of variable bitrate encoding schemes, we show that a passive adversary can determine with high probability the movie that a user is watching via her Slingbox, even when the Slingbox uses encryption. We experimentally evaluated our method against a database of over 100 hours of network traces for 26 distinct movies.

Despite an opportunity to provide significantly more location privacy than existing devices, like RFIDs, we find that an attacker can trivially exploit the Nike+iPod Sport Kit's design to track users; we demonstrate this with a GoogleMaps-based distributed surveillance system. We also uncover security issues with the way Microsoft Zunes manage their social relationships.

We show how these products' designers could have significantly raised the bar against some of our attacks. We also use some of our attacks to motivate fundamental security and privacy challenges for future UbiComp devices.

Keywords:

Information leakage, variable bitrate (VBR) encoding, encryption, multimedia security, privacy, location privacy, mobile social applications, UbiComp.

Additional information:

USENIX Security 2007 paper (PDF).
UW CSE Security and Privacy Research Page.


CSE logo Computer Science & Engineering
University of Washington
Box 352350
Seattle, WA  98195-2350
(206) 543-1695 voice, (206) 543-2969 FAX
[comments to yoshi]