This study addresses the privacy risks posed by metadata leakage in encrypted IoT communications, which can reveal device identities and user context despite content encryption. To this end, the authors propose a novel passive fingerprinting approach that, for the first time, integrates time–frequency representations—such as the short-time Fourier transform—with a Transformer architecture to perform covert analysis of encrypted traffic. By moving beyond conventional spatial-domain methods, the technique effectively captures discriminative time–frequency features, achieving over 99% classification accuracy across diverse IoT devices. The results uncover a new class of context-aware privacy vulnerabilities rooted in spectral semantics and demonstrate the method’s high efficacy and feasibility for stealthy reconnaissance in real-world scenarios.

The rapid expansion of internet of things (IoT) devices have created a pervasive ecosystem where encrypted wireless communications serve as the primary privacy and security protection mechanism. While encryption effectively protects message content, packet metadata and statistics inadvertently expose device identities and user contexts. Various studies have exploited raw packet statistics and their visual representations for device fingerprinting and identification. However, these approaches remain confined to the spatial domain with limited feature representation. Therefore, this paper presents CONTEX-T, a novel framework that exploits contextual privacy vulnerabilities using spectral representation of encrypted wireless traffic for IoT device characterization. The experiments show that spectral analysis provides new and rich feature representation for covert reconnaissance attacks, revealing a complex and expanding threat landscape that would require robust countermeasures for IoT security management. CONTEXT-T first transforms raw packet length sequences into time-frequency spectral representations and then utilizes transformer-based spectral analysis for the device identification. We systematically evaluated multiple spectral representation techniques and transformer-based models across encrypted traffic samples from various IoT devices. CONTEXT-T effectively exploited privacy vulnerabilities and achieved device classification accuracy exceeding 99% across all devices while remaining completely passive and undetectable.