Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room

0
302

A group of researchers has developed a method that can be used on a phone or a laptop to identify and locate concealed Wi-Fi-connected IoT devices in unfamiliar physical settings.

With hidden cameras being increasingly used to snoop on individuals in hotel rooms and Airbnbs, the goal is to be able to pinpoint such rogue devices without much of a hassle.

The technology, named Lumos, is intended to “visualize their presence via an augmented reality interface,” according to Carnegie Mellon University’s Rahul Anand Sharma, Elahe Soltanaghaei, Anthony Rowe, and Vyas Sekar in a recent article.

The platform detects and identifies hidden devices by sniffing and collecting encrypted wireless traffic over the air. Then, when the user walks around the perimeter of the area, it estimates the location of each recognized device in relation to the user.

The localization module, for its part, combines signal strength measurements contained in 802.11 packets (called Received Signal Strength Indicator or RSSI) with relative user position determined by mobile phone visual inertial odometry (VIO) information.

On Apple’s iOS devices, for example, positional tracking is accomplished by ARKit, a developer API that allows developers to create augmented reality experiences by utilizing the phone’s camera, CPU, GPU, and motion sensors.

“As the user approaches each device, the RSSI values corresponding to those data points grow, and subsequently decrease as she moves away from the device,” the researchers explained. “Lumos estimates the position of each device based on spatial observations of RSSI values and their fluctuations.”

Furthermore, Lumos can locate IoT devices regardless of the user’s walking speed. A fingerprinting module is also included, which analyzes collected 802.11 traffic patterns using a machine learning model to identify devices based on MAC addresses.

The study tested Lumos on 44 distinct IoT devices of various sorts, models, and brands in six different contexts, discovering that it can detect concealed devices with 95% accuracy and locate them with a median inaccuracy of 1.5m in a two-bedroom, 1000 sq.ft. apartment in 30 minutes.

However, an expert attacker can use techniques such as MAC address randomization to avoid detection and avoid localisation by randomly changing the transmit power of the devices.

“Lumos can possibly generalize across numerous device brands and models provided it has encountered at least one device with comparable behavior in the training phase,” the researchers noted, pointing out how the system can even recognize unprofiled devices.

Leave A Reply

Please enter your comment!
Please enter your name here