Researchers Use DNS Requests for User Device Profiling and Cross-Network Tracking

Researchers from Bitdefender (Yangabella and Yan Pedrian) presented findings on using DNS requests from mobile devices to build user device profiles and enable cross-network tracking. The study analyzed 30,000 devices (iOS and Android) over 35 days, collecting 985 million DNS events via Bitdefender’s DNS resolvers. Key observations included platform-specific DNS patterns: iOS devices generated 10x more requests than Android, with Apple-related domains dominating iOS and Google-related domains on Android. The team used statistical methods (TF-IDF, cosine similarity) and machine learning (LSTM networks) to track devices, achieving over 95% accuracy after 24 hours of aggregated data. They found that even with 80% of DNS requests dropped, tracking remained feasible. Privacy measures like MAC randomization and encrypted DNS were discussed, though limitations were noted. The research highlighted potential misuse of DNS data for behavioral profiling and targeted advertising. Cost estimates for cloud-based tracking were approximately $3,000/month.