Privacy

 

mmSpoof: Spoofing Attacks on Automotive FMCW Radars using Millimeter-wave Reflect Array [IEEE S&P 2023]


FMCW radars are integral to automotive driving for robust and weather-proof sensing of surrounding objects. At the same time, these radars are vulnerable to spoofing attacks that may cause sensor malfunction leading to fatal accidents. Many past works tried spoofing attacks on FMCW radars using an attacker device that generates spoofing signals, but they are not very effective as they require tight synchronization between the attacker and victim. We present a novel spoofing mechanism mmSpoof that is based on the reflection of radar signal with appropriate modulation to spoof the victim’s radar. Our spoofing with a mmWave reflect array eliminates the need for synchronization and is robust to various security features and countermeasures of the victim’s radar. We provide insights and mechanisms to flexibly spoof any distance and velocity on the victim’s radar using a unique frequency shift at the mmSpoof’s reflect array. mmSpoof designs a novel algorithm for estimating this frequency shift without assuming any prior information about the victim’s radar. We develop a compact and mobile setup for mmSpoof using commercial-off-the-shelf components and show the effectiveness of spoofing in realistic automotive driving scenarios with commercial radars.

R. Vennam, I. Jain, K. Bansal, J. Orozco, P. Shukla, A. Ranganathan, D. Bharadia

Users are Closer than they Appear: Protecting User's Location from WiFi APs [HotMobile'23]


Wi-Fi-based indoor localization has been maturing for over a decade. Most current localization algorithms rely on the Wi-Fi access points (APs) in the enterprise network to localize the Wi-Fi user accurately. Thus, the Wi-Fi user’s location information could easily be snooped by an attacker listening through a compromised Wi-Fi AP. With indoor localization and navigation being the next step towards automation, it is important to give users the capability to defend against such attacks. In this paper, we present MIRAGE, a system that uses downlink physical layer information to create a defense against an attacker snooping on a Wi-Fi user’s location information. MIRAGE achieves this by utilizing the beamforming capability of the transmitter that is already part of the Wi-Fi standard protocols. With this initial idea, we have demonstrated through a real-world prototype that the user can always obfuscate his/her location from the Wi-Fi AP with no compromise to the throughput of the existing Wi-Fi communication system, and through simulation that the attacker’s user location accuracy is reduced from 2.3 m to more than 10 m.

Roshan Ayyalasomayajula, Wei Sun, Aditya Arun, Dinesh Bharadia

Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices [IEEE S&P 2022]


Mobile devices increasingly function as wireless tracking beacons. Using the Bluetooth Low Energy (BLE) protocol, mobile devices such as smartphones and smartwatches continuously transmit beacons to inform passive listeners about device locations for applications such as digital contact tracing for COVID-19, and even finding lost devices. These applications use cryptographic anonymity that limits an adversary’s ability to use these beacons to stalk a user. However, attackers can bypass these defenses by fingerprinting the unique physical-layer imperfections in the transmissions of specific devices. We empirically demonstrate that there are several key challenges that can limit an attacker’s ability to find a stable physical layer identifier to uniquely identify mobile devices using BLE, including variations in the hardware design of BLE chipsets, transmission power levels, differences in thermal conditions, and limitations of inexpensive radios that can be widely deployed to capture raw physical-layer signals. We evaluated how much each of these factors limits accurate fingerprinting in a large-scale field study of hundreds of uncontrolled BLE devices, revealing that physical-layer identification is a viable, although sometimes unreliable, way for an attacker to track mobile devices.

Hadi Givehchian, Nishant Bhaskar, Eliana Rodriguez Herrera, Héctor Rodrigo López Soto, Christian Dameff, Dinesh Bharadia, and Aaron Schulman