[ad_1]
Engineering Quotes from experts | News releases | technologies
November 16, 2022
Researchers at the University of Washington examined 44 3D tours in 44 US states to identify potential security issues when personal information was added to the tour. Shown here is a screenshot of the 3D tour accessed through the Redfin website.
3D virtual tours on real estate sites like Zillow and Redfin allow viewers to explore homes without leaving the couch.
Sometimes the houses on these tours are staged, but sometimes they contain evidence of the lives of the current residents. Researchers at the University of Washington wondered whether personal items visible in 3D tours could pose privacy risks.
The team researched 44 3D tours on the real estate website. Each tour was for a home in a different state and included at least one personal detail — such as a letter, college diploma, or photos. The researchers concluded that details left on these tours could expose residents to various threats, including phishing attacks or credit card fraud.
The team published these findings on November 8 and will present them at the USENIX 2023 Security Symposium.
UW News reached out to lead author Rachel McAmis, a doctoral student in the Paul H. Allen School of Computer Science and Engineering, to learn more about the study.
Rachel McAmis
Why are 3D tours a bigger privacy issue than photos?
RM: with 3D tours, you can see all the rooms in the house and many more corners of the room than with photos. It’s also possible to zoom in on details more easily than in photos – if someone accidentally dropped a sensitive document like a letter, it would be possible to read the letter from a 3D tour if the camera quality is good enough.
What types of privacy issues have you discovered?
RM: We found traditionally confidential information that should never be shared with strangers, as well as information that reveals people’s behavior and preferences.
Most of the 3D tours in our study showed the full names of residents due to various elements that were omitted. Some examples included medication labels, passwords, credit card information, and a letter indicating a legal violation.
Viewers of the 3D tours can also see people’s behaviors and preferences, including the products and brands someone buys, their political affiliation, how clean their house is, how many family members live together, their religion, and whether they have a pet.
Here is a 3D tour, made by an artist, where an attacker can obtain information about a person’s education, hobbies, and passwords.Akira Ohiso
Why are these privacy concerns and what are the potential threats from this?
RM: Anyone who accesses the real estate website hosting these 3D tours may obtain the sensitive information listed above, which could lead to credit card fraud, account hacking, identity theft, and other harm.
Behavioral and preference information revealed in 3D tours could allow someone to target a resident with a personalized message, such as fraudulently passing off an email from a brand the resident frequently purchases from. Others may want to publicize the socially damaging behaviors and preferences they find on the 3D tour.
Of course, if someone is already sharing information about their preferences on a public social media page, removing that information from their 3D tour isn’t enough to prevent that information from being widely shared online.
Would you expect to see the same types of questions on any 3D home tour on any real estate website?
RM: We believe this is an industry-wide problem. Any online real estate site that uses 3D tours can have tours that reveal sensitive information, even rental websites and other properties. For example, there have been several articles in the past about how people find celebrity homes on many real estate websites by looking at the details on a 3D tour.
Is it possible to make a 3D tour that is privacy safe? If not, what are the potential solutions to these problems?
RM: Generally yes, and most 3D tours on real estate websites are already well organized to remove sensitive information from view. Houses where all personal belongings are removed and the rooms are either empty or filled with furniture will not have the same privacy problems as a house where the residents’ personal belongings are visible. However, as our research shows, many residents withhold their information.
Shown here is an artist’s rendering of a 3D tour where the person’s face in the photo is blurred, but the reflection of the face is not. The enemy could identify the resident by reflection.Akira Ohiso
Are there any special safety precautions people can take when setting up their home for a 3D tour?
RM: Residents should be aware of the items they leave behind during 3D scanning. For example, residents may want to remove any objects with text that reveals information about them, or objects that reveal other behavior or information about preferences that they do not want made public on the Internet.
Choosing to use a 3D tour can bring many benefits to a home seller, but sellers should be careful to hide personal items before scanning their home for a 3D tour.
Tadayoshi Kono, a UW professor in the Allen School, also co-authored this article. This research was supported by the National Science Foundation and the University of Washington Technology Policy Lab, as well as gifts from Google, Meta, Qualcomm, and Woven Planet.
For more information, contact McAmis at rcmcamis@cs.washington.edu and Kohno at yoshi@cs.washington.edu.
Permit number: 1565252
Tags: College of Engineering • Paul G. Allen School of Computer Science and Engineering • Rachel McAmis • Tadayoshi Kono
[ad_2]
Source link
