To avoid exploitation of known vulnerabilities, it is standard security practice to not disclose any model information regarding the antennas used in cellular infrastructure. However, in this work, we show that end-user devices receive enough information to infer, with high accuracy, the model-family of antennas. We demonstrate how low-cost hardware and software setups can fingerprint the cellular infrastructure of whole regions within a few minutes by only listening to cellular broadcast messages. To show the effectiveness and hence risk of such fingerprinting, we collected an extensive dataset of broadcast messages from three different countries. We then trained a machine-learning model to classify broadcast messages based on the model-family they belong to. Our results reveal a worryingly high average accuracy of 97% for model-family classification. We further discuss how inferring the model-family with such high accuracy can lead to a class of identification attacks on cellular infrastructure and we subsequently suggest countermeasures to mitigate the fingerprint effectiveness.@en

Sensing people with mmWave radars is gaining significant attention. This growing interest is due to two factors: radar monitoring provides more privacy than camera-based alternatives, and radio waves are not as easily blocked as light waves. Most mmWave studies, however, have three common characteristics. They are done indoors, without protecting the sensor (no casing), and the evaluation is performed for short periods of time. To assess the suitability of mmWave sensing in realistic outdoor scenarios, we deploy two nodes to track the flow of pedestrians over a period of three months. This longterm deployment provides three main contributions. First, we follow a detailed process to design a casing that can protect the sensors from harsh environmental conditions. Second, we install our nodes close to a set of cameras that were already deployed in the area. To compare the performance of both types of sensors, we propose a framework that considers the different coverage patterns of cameras and radars. Third, the time frame of our evaluation considers various types of weather, from sunny days to rainy and windy. Our results indicate that mmWave sensors need to be explored further outside the comfort zone of indoor spaces. To the best of our knowledge, this is the first long-term study assessing the reliability of radar sensors in the 60 GHz ISM band.@en