Search for: All records

Internet-of-things (IoT) devices (e.g., micro camera and microphone) are usually small form factor, low-cost, and low-power, which makes them easy to conceal and deploy in the indoor environment to spy on people for human private information such as location and indoor activities. As a result, these IoT devices introduce a great privacy and ethical threat. Therefore, it is important to reveal these concealed IoT devices in the indoor environment for human privacy protection. This paper presents RFScan, a system that can passively detect, fingerprint, and localize diverse concealed IoT devices in the indoor environment by sensing their unintentional electromagnetic emanations. However, sensing these emanations is challenging due to the weak emanation strength and the interference from the ambient wireless communication signals. To this end, we boost the emanation strength through the non-coherent averaging based on the emanation signal's characteristics and design a novel suppression algorithm to mitigate interference from the wireless communication signals. We further profile emanations across frequency and time that act as the emanation source's unique signature and customize a deep neural network architecture to fingerprint the emanation sources. Furthermore, we can localize the emanation source with an angle-of-arrival (AoA) based triangulation approach. Our experimental results demonstrate the efficiency of the IoT devices' detection, fingerprinting, and localization across different indoor environments. 

Mobile devices continuously beacon Bluetooth Low Energy (BLE) advertisement packets. This has created the threat of attackers identifying and tracking a device by sniffing its BLE signals. To mitigate this threat, MAC address randomization has been deployed at the link-layer in most BLE transmitters. However, attackers can bypass MAC address randomization using lower-level physical-layer fingerprints resulting from manufacturing imperfections of radios. In this work, we demonstrate a practical and effective method of obfuscating physical-layer hardware imperfection fingerprints. Through theoretical analysis, simulations, and field evaluations, we design and evaluate our approach to hardware imperfection obfuscation. By analyzing data from thousands of BLE devices, we demonstrate obfuscation significantly reduces the accuracy of identifying a target device. This makes an attack impractical, even if a target is continuously observed for 24 hours. Furthermore, we demonstrate the practicality of this defense by implementing it by making firmware changes to commodity BLE chipsets.