Summary: This paper appears in the proceedings of the 16th USENIX Security Symposium 2007. This version contains
minor formatting changes.
Devices That Tell On You: Privacy Trends in Consumer Ubiquitous
T. Scott Saponas
May 14, 2007
We analyze three new consumer electronic gadgets in order to gauge the privacy and security trends
in mass-market UbiComp devices. Our study of the Slingbox Pro uncovers a new information leak-
age vector for encrypted streaming multimedia. By exploiting properties of variable bitrate encoding
schemes, we show that a passive adversary can determine with high probability the movie that a user is
watching via her Slingbox, even when the Slingbox uses encryption. We experimentally evaluated our
method against a database of over 100 hours of network traces for 26 distinct movies.
Despite an opportunity to provide significantly more location privacy than existing devices, like
RFIDs, we find that an attacker can trivially exploit the Nike+iPod Sport Kit's design to track users; we
demonstrate this with a GoogleMaps-based distributed surveillance system. We also uncover security