Deanonymizing Device Identities via Side-channel Attacks in Exclusive-use IoTs & Mitigation
Christopher Ellis
Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · IoT Security
This talk, presented by Christopher Ellis, a PhD student at Ohio State University, unveils a critical and historically overlooked flaw in the communication patterns of **exclusive-use IoT devices**. Titled "Deanonymizing Device Identities via Side-channel Attacks in Exclusive-use IoTs & Mitigation," the research introduces a new class of tracking attacks, dubbed **ID bleed**, which exploit a fundamental boolean indicator of trusted relationships. This vulnerability allows adversaries to deanonymize and track devices even when modern countermeasures like MAC address randomization are in place.
AI review
Solid original research from a PhD student that identifies a real, underappreciated privacy vulnerability class in IoT protocols — the boolean trust indicator as a tracking side channel. The attack model is clean, the scope across BLE, Wi-Fi, and companion apps is credible, and the proposed anonymization layer comes with actual performance numbers rather than hand-waving. Not paradigm-shifting, but this is honest, reproducible work that advances the privacy conversation in a field drowning in superficial studies.