Noisy Networks, Nosy Neighbors: Inferring Privacy Invasive Information from Encrypted Wireless Traffic

This thesis explores the extent to which passive observation of wireless traffic in a smart home environment can be used to infer privacy-invasive information about its inhabitants. Using a setup that mimics the capabilities of a nosy neighbor in an adjacent flat, we analyze raw 802.11 packets an...

WhosHere Plus. Trilateration vulnerability

WhosHere Plus is a dating app that uses GPS data to recommend users near to each other, based on similar interests. PTP constantly researches the state of privacy and security in apps that use GPS data, because the consequences of poor security and privacy are alarming: Tracking and snooping on a...

Bumble: Exfiltrating a victim's exact location (to within 5m)

I used Bumble's distance feature to exfiltrate the exact location to within approx 5m of a victim. I did this by using the Bumble API to move my attacker account's location around the approximate area of the victim. I was able to obtain the exact distance between attacker and victim at 3 separate...