Positional Information Leakage of Wireless Consumer Electronic Devices

Smartphones and other portable devices continuously emit signals for communication with Wi-fi, Bluetooth, and 4G/5G. In the past work these emissions have been shown to reveal the location and identity of users. This presents privacy risks as a user's movement can be tracked overtime by business for marketing and analytics purposes or attackers for more malicious reasons. Current countermeasures include MAC address randomisation when probing for wi-fi networks or manually changing MAC addresses when moving between locations. However, this may not be sufficient to prevent identification when signal fingerprinting methods are used to uniquely identify a device without considering the data content of the transmission.

My research aims to explore issues related to identity information leakage and fine grained localisation using consumer electronic devices using commercial-off-the-shelf (COTS) hardware. My main focus is on the potential to exploit the radiation pattern of smartphone antennae to learn more about a device than simply a rough location. The antenna patterns of smartphones could be used to identify devices based on unique signal strength patterns and determine their orientation and learn more about their fine grain movement by mapping current signal strength measurements to previously measured antenna patterns. These attack methods are yet to be explored and pose severe privacy issues rendering existing tracking countermeasures ineffective and I will look to develop a new range of countermeasures to protect against this privacy risks. Wi-fi emissions will be the focal point as the power of transmissions are relatively high which makes them measurable over larger distances than Bluetooth and are very easy to collect and process using cheap COTS hardware and opensource software unlike LTE and 5G. Insecure Internet of Things (IoT) devices present a particular risk because they provide a possible platform from which to conduct these kinds of attacks. Although there are clear risks, there are a potentially legitimate uses for improving security, such as intrusion detection of unauthorised devices/people into secure spaces.

This project falls within the EPSRC Digital economy research area and the Security, privacy, and trust sub theme.

It is part of the nature of Cyber Security - and a key reason for the urgency in developing new research approaches - that it now is a concern of every section of society, and so the successful CDT will have a very broad impact indeed. We will ensure impact for:

* The IT industry; vendors of hardware and software, and within this the IT Security industry;

* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;

* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;

* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;

* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;

* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.

Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.