News

TrackAR: AR/VR Device Fingerprinting and User-Device Pairing Detection via Shared Motion Sensor Data
Tanvir Ahmed Mahdad, Md Shahidur Rahman and Nitesh Saxena
In the 19th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), June-July 2026.

SPIES Research Lab’s study, led by Kalyan Nakka, Jimmy Dani and Nitesh Saxena, has been cited in a major South Korean news coverage, featuring a significant AI security incident of LG Uplus’s popular AI calling app “ixi-O”. Our study on the trust and ethics gap in Small Language Models (SLMs) applied to on-device AI, has revealed that SLMs have “much lower reliability than server-based SLMs” and pose “greater risk of leaking personal information”. These findings proved prescient, when “ixi-O” app, promoted as strong on security due to on-device AI, has experienced a data breach affecting dozens of users in South Korea, emphasizing our study’s privacy concerns in on-device AI systems and their real-world impact.

 

Link: https://biz.chosun.com/en/en-it/2025/12/09/LYNFHR3PKJAVDHXP4LWOBIHHXQ/

Read More: arXiv

 

The Texas A&M University College of Engineering highlighted SPIES Lab’s browser fingerprinting research, emphasizing how websites are stealthily using browser fingerprinting to track users online. The study shows that clearing cookies provides a false sense of security, as websites link unique device signatures to advertising behavior in real time to track users invisibly. To combat this, we developed the FPTrace framework that exposes fingerprint-based tracking practices even under current privacy regulations like GDPR and CCPA.

Links:
1. YouTube
2. TAMU College of Engineering (LinkedIn Post)

• LiteLMGuard: Seamless and Lightweight On-Device Guardrails for Small Language Models against Quantization Vulnerabilities
  Kalyan Nakka, Jimmy Dani, Ausmit Mondal, Nitesh Saxena
  In the International Joint Conference on Natural Language Processing & Asia-Pacific Chapter of the Association for Computational Linguistics (IJCNLP-AACL) Findings, December 2025
  [pdf]

We are delighted to share that our paper, “Harnessing Vital Sign Vibration Harmonics for Effortless and Inbuilt XR User Authentication,” has received the Distinguished Paper Award at the ACM Conference on Computer and Communications Security (CCS) 2025.

This recognition highlights the impact and innovation of our collaborative work, which introduces a novel authentication mechanism leveraging vibration harmonics derived from users’ vital signs within extended reality (XR) systems to enable continuous, effortless, and built-in user verification.

The acceptance rate for CCS 2025 was 13.9% (316 accepted out of 2,278 submissions), and only about 1% of all submitted papers received a Distinguished Paper Award.

Congratulations to the entire team for this outstanding achievement!

#ACMCCS2025 #CyberSecurity #XR #Authentication

6 out of 7 of our PhD graduates from the past 4 years have been recruited as faculty members, making the positive difference to the world of academia. Not to say that the 7th one is not a special one too — he is holding the cybersecurity fort at the US government. Truly exceptional pool of students I have been fortunate to work with. 

Those six:

1. Ahmed Tanvir Mahdad (@TAMU, Fall 2019 to Summer 2025; thesis title “New Frontiers in Authentication and Side Channels in Emerging Platforms: 2FA Attacks, Sensor Exploits and AR/VR Security”; now an Assistant Professor of EECS at Ohio University)
2. Mashari Alatawi (@TAMU, Spring 2019 to Spring 2024; thesis title “On the Security of End-to-End Encrypted Messaging and Calling Applications”; now an Assistant Professor of Computer Science in the College of Computer and Information Sciences at King Saud University, Saudi Arabia).
3. Zengrui Liu (@TAMU, Fall 2018 – Fall 2023; thesis title “An Exposition of User Privacy on the Web: Fingerprinting and Tracking”, now an Assistant Professor at College of Information Engineering at the Nanjing University of Finance and Economics, China)
4. Cagri Arisoy (since Fall 2018 – Fall 2023; thesis title “A Neurophysiological Exploration Of Human Behavior In User-Centered Cybersecurity”, now an Assistant Professor at College Engineering Computer Engineering department at the Yozgat Bozok University. Turkey).
5. Shalini Saini (@TAMU;  Fall 2019 – Summer 2023; thesis title “Privacy and Security of Emerging Technologies in Changing Healthcare Paradigms”; now an Assistant Professor of the Computer Science and Engineering Technology department at the University of Maryland Eastern Shore)
6. Anuradha Mandal (@UAB; Fall 2019 – Summer 2022; thesis title “On the Privacy Leakage via Neural Devices”; now a Visiting Assistant Professor to tenure-track Assistant Professor in the Computer Science department at the University at Albany, State University of New York (SUNY)

That one (outlier?):

1. Payton Walker (@TAMU; Fall 2019 – Summer 2022; thesis title “An Exposition of Speech-based Threats in the Face of Emerging Technology”; now a Researcher and Project Leaer at the MITRE, recruited as part of the National Security Accelerator Program (NSAP))

 

• Infrastructure Patterns in Toll Scam Domains: A Comprehensive Analysis of Cybercriminal Registration and Hosting Strategies
  Morium Akter Munny, Mahbub Alam, Sonjoy Kumar Paul, Daniel Timko, Muhammad Lutfor Rahman and Nitesh Saxena
  In APWG’s Symposium on Electronic Crime Research (eCrime), November 2025.