Exploiting DNS for Stealthy User Tracking
Black Hat USA 2025 · Day 1 · Briefings
Researchers from Bitdefender demonstrated that DNS request patterns generated by smartphones are distinctive enough to fingerprint and track individual devices across network contexts with over 95% accuracy — using only statistical methods available for as little as $3,000 per month. Privacy controls like MAC address randomization and encrypted DNS reduce but do not eliminate the risk, and the technique works even within the two-week rotation window of modern iOS and Android randomization defaults. ---
AI review
DNS behavioral fingerprinting at 95% accuracy across 2,500 devices using nothing but TF-IDF and cosine similarity, deployable for $3,000 per month. MAC randomization's two-week window is the key attack surface here. Solid research with real data, honest methodology, and a threat model that applies to every telco and enterprise DNS resolver on earth.