News

TrackAR: AR/VR Device Fingerprinting and User-Device Pairing Detection via Shared Motion Sensor Data
Tanvir Ahmed Mahdad, Md Shahidur Rahman and Nitesh Saxena
In the 19th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), June-July 2026.

• SoK: PHILTER: Uncovering Security and Functional Gaps in AI-based Phishing Website Detection Literature via an LLM-based Reasoning Framework
  Mahbub Alam, Muhammad Lutfor Rahman, Sonjoy Kumar Paul, Amy W. Hays, Aftab Hussain, Md Imanul Huq, and Nitesh Saxena
  In the 35th USENIX Security Symposium, August 2026.

SPIES Research Lab’s study, led by Kalyan Nakka, Jimmy Dani and Nitesh Saxena, has been cited in a major South Korean news coverage, featuring a significant AI security incident of LG Uplus’s popular AI calling app “ixi-O”. Our study on the trust and ethics gap in Small Language Models (SLMs) applied to on-device AI, has revealed that SLMs have “much lower reliability than server-based SLMs” and pose “greater risk of leaking personal information”. These findings proved prescient, when “ixi-O” app, promoted as strong on security due to on-device AI, has experienced a data breach affecting dozens of users in South Korea, emphasizing our study’s privacy concerns in on-device AI systems and their real-world impact.

Link: https://biz.chosun.com/en/en-it/2025/12/09/LYNFHR3PKJAVDHXP4LWOBIHHXQ/

Read More: arXiv

 

The Texas A&M University College of Engineering highlighted SPIES Lab’s browser fingerprinting research, emphasizing how websites are stealthily using browser fingerprinting to track users online. The study shows that clearing cookies provides a false sense of security, as websites link unique device signatures to advertising behavior in real time to track users invisibly. To combat this, we developed the FPTrace framework that exposes fingerprint-based tracking practices even under current privacy regulations like GDPR and CCPA.

Links:
1. YouTube
2. TAMU College of Engineering (LinkedIn Post)

• LiteLMGuard: Seamless and Lightweight On-Device Guardrails for Small Language Models against Quantization Vulnerabilities
  Kalyan Nakka, Jimmy Dani, Ausmit Mondal, Nitesh Saxena
  In the International Joint Conference on Natural Language Processing & Asia-Pacific Chapter of the Association for Computational Linguistics (IJCNLP-AACL) Findings, December 2025
  [pdf]

We are delighted to share that our paper, “Harnessing Vital Sign Vibration Harmonics for Effortless and Inbuilt XR User Authentication,” has received the Distinguished Paper Award at the ACM Conference on Computer and Communications Security (CCS) 2025.

This recognition highlights the impact and innovation of our collaborative work, which introduces a novel authentication mechanism leveraging vibration harmonics derived from users’ vital signs within extended reality (XR) systems to enable continuous, effortless, and built-in user verification.

The acceptance rate for CCS 2025 was 13.9% (316 accepted out of 2,278 submissions), and only about 1% of all submitted papers received a Distinguished Paper Award.

Congratulations to the entire team for this outstanding achievement!

#ACMCCS2025 #CyberSecurity #XR #Authentication

• Infrastructure Patterns in Toll Scam Domains: A Comprehensive Analysis of Cybercriminal Registration and Hosting Strategies
  Morium Akter Munny, Mahbub Alam, Sonjoy Kumar Paul, Daniel Timko, Muhammad Lutfor Rahman and Nitesh Saxena
  In APWG’s Symposium on Electronic Crime Research (eCrime), November 2025.

• Your Headset is Listening: Motion Sensor Side-Channels and the Future of XR Privacy
  Cong Shi, Yan Wang, Yingying Chen, and Nitesh Saxena.
  In IEEE Security and Privacy (Magazine), 2025.

• Harnessing Vital Sign Vibration Harmonics for Effortless and Inbuilt XR User Authentication
  Tianfang Zhang, Qiufan Ji, Md Mojibur Rahman Redoy Akanda, Zhengkun Ye, Ahmed Tanvir Mahdad, Cong Shi, Yan Wang, Nitesh Saxena, Yingying Chen
  In the ACM SIGSAC Conference on Computer and Communications Security (CCS), October 2025.