16th USENIX Security Symposium – Abstract
Pp. 55–70 of the Proceedings
Devices That Tell on You: Privacy Trends in Consumer Ubiquitous Computing
T. Scott Saponas, Jonathan Lester, Carl Hartung, Sameer Agarwal, and Tadayoshi Kohno, University of Washington
Abstract
We analyze three new consumer electronic gadgets in order to
gauge the privacy and security trends in mass-market
UbiComp devices. Our study of the Slingbox Pro uncovers a
new information leakage vector for encrypted streaming
multimedia. By exploiting properties of variable bitrate
encoding schemes, we show that a passive adversary can
determine with high probability the movie that a user is
watching via her Slingbox, even when the Slingbox uses
encryption. We experimentally evaluated our method against
a database of over 100 hours of network traces for 26 distinct
movies.
Despite an opportunity to provide significantly more
location privacy than existing devices, like RFIDs, we find
that an attacker can trivially exploit the Nike+iPod Sport
Kit’s design to track users; we demonstrate this with a
GoogleMaps-based distributed surveillance system. We also
uncover security issues with the way Microsoft Zunes
manage their social relationships.
We show how these products’ designers could have
significantly raised the bar against some of our attacks. We
also use some of our attacks to motivate fundamental
security and privacy challenges for future UbiComp
devices.
- View the full text of this paper in HTML and PDF. Listen to the presentation in MP3 format.
Until August 2008, you will need your USENIX membership identification in order to access the full papers.
The Proceedings are published as a collective work, © 2007 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
|
