{"title":"Leveraging AI to Compromise IoT Device Privacy by Exploiting Hardware Imperfections","authors":"Mirza Athar Baig;Asif Iqbal;Muhammad Naveed Aman;Biplab Sikdar","doi":"10.1109/TAI.2025.3526139","DOIUrl":null,"url":null,"abstract":"The constrained design, remote deployment, and sensitive data generated by Internet of Things (IoT) devices make them susceptible to various cyberattacks. One such attack is profiling IoT devices by tracking their packet transmissions. While existing methods mitigate these attacks using pseudonymous identities, we propose a novel attack strategy that exploits the physical layer characteristics of IoT devices. Specifically, we demonstrate how an attacker can leverage features extracted from device transmissions to identify packets originating from the same device. Once identified, the attacker can isolate the device's signals and potentially determine its physical location. This attack exploits the fact that microcontroller clock variations exist across devices, even within the same model line. By extracting transmission features and training machine learning (ML) models, we accurately identify the originating device of the packets. This study reveals inherent privacy vulnerabilities in IoT systems due to hardware imperfections that are beyond user control. These limitations have profound implications for the design of security frameworks in emerging ubiquitous sensing environments. Our experiments demonstrate that the proposed attack achieves 99% accuracy in real-world settings and can bypass privacy measures implemented at higher protocol layers. This work highlights the urgent need for privacy protection strategies across multiple layers of the IoT protocol stack.","PeriodicalId":73305,"journal":{"name":"IEEE transactions on artificial intelligence","volume":"6 6","pages":"1561-1574"},"PeriodicalIF":0.0000,"publicationDate":"2025-01-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE transactions on artificial intelligence","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10830496/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
The constrained design, remote deployment, and sensitive data generated by Internet of Things (IoT) devices make them susceptible to various cyberattacks. One such attack is profiling IoT devices by tracking their packet transmissions. While existing methods mitigate these attacks using pseudonymous identities, we propose a novel attack strategy that exploits the physical layer characteristics of IoT devices. Specifically, we demonstrate how an attacker can leverage features extracted from device transmissions to identify packets originating from the same device. Once identified, the attacker can isolate the device's signals and potentially determine its physical location. This attack exploits the fact that microcontroller clock variations exist across devices, even within the same model line. By extracting transmission features and training machine learning (ML) models, we accurately identify the originating device of the packets. This study reveals inherent privacy vulnerabilities in IoT systems due to hardware imperfections that are beyond user control. These limitations have profound implications for the design of security frameworks in emerging ubiquitous sensing environments. Our experiments demonstrate that the proposed attack achieves 99% accuracy in real-world settings and can bypass privacy measures implemented at higher protocol layers. This work highlights the urgent need for privacy protection strategies across multiple layers of the IoT protocol stack.