Apolline Zehner (Universite libre de Bruxelles), Iness Ben Guirat (Universite libre de Bruxelles), Jan Tobias Muhlberg (Universite libre de Bruxelles)

Wireless devices, especially Bluetooth and Wi-Fi devices, emit radio communication both to scan for neighboring devices and to advertise themselves. For example, a mobile phone would typically be searching for Wi-Fi access points and Bluetooth devices, e.g., headsets, and advertise itself for connections. For this purpose, communication interfaces use a Medium Access Control (MAC) address which is a unique identifier to differentiate one device from another. However, the use of such unique identifiers can violate the privacy of the device and hence of the user; an attacker is able to use such unique identifiers in order to passively track a device. MAC address randomization – techniques that periodically change the MAC addresses of a device – were developed as a privacy-enhancing measure against such attacks. However research shows that this can be easily circumvented. In this paper, we survey approaches and techniques for metadata anonymization in Bluetooth and Wi-Fi, as well as the de-anonymization attacks. Many of these attacks rely on physical characteristics of the communication medium and on implementation flaws of both wireless protocols and MAC address randomization protocols. We conclude by discussing open challenges both in metadata protection and deanonymization.

View More Papers

TrajDeleter: Enabling Trajectory Forgetting in Offline Reinforcement Learning Agents

Chen Gong (University of Vriginia), Kecen Li (Chinese Academy of Sciences), Jin Yao (University of Virginia), Tianhao Wang (University of Virginia)

Read More

Transparency or Information Overload? Evaluating Users’ Comprehension and Perceptions...

Xiaoyuan Wu (Carnegie Mellon University), Lydia Hu (Carnegie Mellon University), Eric Zeng (Carnegie Mellon University), Hana Habib (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University)

Read More

Characterizing the Impact of Audio Deepfakes in the Presence...

Magdalena Pasternak (University of Florida), Kevin Warren (University of Florida), Daniel Olszewski (University of Florida), Susan Nittrouer (University of Florida), Patrick Traynor (University of Florida), Kevin Butler (University of Florida)

Read More

Detecting IMSI-Catchers by Characterizing Identity Exposing Messages in Cellular...

Tyler Tucker (University of Florida), Nathaniel Bennett (University of Florida), Martin Kotuliak (ETH Zurich), Simon Erni (ETH Zurich), Srdjan Capkun (ETH Zuerich), Kevin Butler (University of Florida), Patrick Traynor (University of Florida)

Read More