On Privacy Risks of Watching YouTube over Cellular Networks with Carrier Aggregation

Nitya Lakshmanan, Abdelhak Bentaleb, Byoungjun Choi, Roger Zimmermann, Jun Han, Min Suk Kang

Research output: Contribution to journalArticlepeer-review


One's core values, personality, and social status may be reflected in the watch history of online video streaming services such as YouTube. Unfortunately, several prior research work demonstrates that man-in-the-middle or malware-assisted attackers can accurately infer the titles of encrypted streaming videos by exploiting the inherent correlation between the encoded video contents and the traffic rate changes. In this paper, we present a novel video-inference attack called Moba that further exacerbates the problem by only requiring the adversary to simply eavesdrop the broadcast messages of a primary cell of a targeted user's cellular phone. Our attack utilizes a side channel in modern cellular networks that leaks the number of actively transmitting cells for each user. We show that this seemingly harmless system information leakage can be used to achieve practical video-inference attacks. To design effective video-inference attacks, we augment the coarse-grained side-channel measurements with precise timing information and estimate the traffic bursts of encrypted video contents. The Moba attack considers an adversary-chosen set of suspect YouTube videos, from which a targeted user may watch some videos during the attack. We confirm the feasibility of Moba in identifying the exact YouTube video title (if it is from the suspect set) via our over-the-air experiments conducted in LTE-Advanced networks in two countries. Moba can be effective in verifying whether a targeted user watches any of the suspect videos or not; e.g., precision of 0.98 is achieved after observing six-minutes of a single video play. When further allowed to observe multiple video plays, Moba adversary is able to identify whether the targeted user frequently watches the suspect videos with a probability close to one and a near-zero false positive rate. Finally, we present a simple padding-based countermeasure that significantly reduces the attack effectiveness without sacrificing any cellular radio resources.

Original languageEnglish
Article number19
JournalProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
Issue number1
Publication statusPublished - 2022 Mar

Bibliographical note

Funding Information:
This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2021R1C1C1008462).

Publisher Copyright:
© 2022 Owner/Author.

All Science Journal Classification (ASJC) codes

  • Human-Computer Interaction
  • Hardware and Architecture
  • Computer Networks and Communications


Dive into the research topics of 'On Privacy Risks of Watching YouTube over Cellular Networks with Carrier Aggregation'. Together they form a unique fingerprint.

Cite this