Joined: 14 Sep 2013
Location: Off Lizard Island for a bit
|Posted: Sat 06 May 2017, 03:11 Post subject:
Thanks Interesting read
I thought on start that "the researchers said" was a give away as falseness but on looking in the link given there is a 13 page thesis on it .
I include a coupe of paras from it
Based on the different challenges for transmission, we
identify defenses to limit the tracking via ultrasonic beacons.
Obviously, a simple yet effective defense strategy is to filter
out frequencies above 18 kHz in the transmitted audio signal,
e.g. in the radio or TV device. However, manipulating either
the hardware or software of these devices is not tractable for
a regular user. Moreover, the emitting sender is not always in
the user’s control, for example during the location tracking.
Therefore, practical countermeasures affect the mobile
device. If the device is not listening secretly, a transmitted
audio beacon is harmless. Hence, we consider the following
countermeasures for the Android platform:
Detection of implementations. An option is to scan for applications for known functionality of ultrasonic side channels.
Our detection tool presented in Section 4.2 might provide a
good start for the development of a corresponding defense.
Similarly to a virus scanner, such a detection can be applied
locally on the device as well as globally on a market place
directly. As our approach builds on static code analysis,
however, detecting the corresponding functionality can be
hindered by obfuscating the respective implementations.
Notification. Just as for Bluetooth or Wifi, a more finegrained control of the audio recording is likely the best
strategy for limiting the impact of ultrasonic side channels.
A combination of user notifications and a status in the pull
down menu can inform the user when a recording takes
place and lets her detect unwanted activities.
This paper marks a first step against the emerging privacy
threat of ultrasonic tracking. In particular, an adversary
can monitor a user’s local TV viewing habits, track her
visited locations and deduce her other devices. Furthermore,
a side channel attack to Bitcoin or Tor users become even
possible. In the end, an adversary is able to obtain a detailed,
comprehensive user profile with a regular mobile application
and the device’s microphone solely.
By analyzing prominent examples of commercial tracking
technologies, we gained insights about their current state of
the art and the underlying communication concepts. The case
of SilverPush emphasizes that the step between spying and
legitimately tracking is rather small. SilverPush and Lisnr
share essential similarities in their communication protocol
and signal processing. While the user is aware about Lisnr’s
location tracking, SilverPush does not reveal the application
names with the tracking functionality.
Throughout our empirical study, we confirm that audio
beacons can be embedded in sound, such that mobile
devices spot them with high accuracy while humans do
not perceive the ultrasonic signals consciously. Moreover,
we spot ultrasonic beacons from Lisnr in music and Shopkic
Now designing a filter to go on the mike line would not be hard . Getting it down to a size to fit on the mike leads and inside the phone might be.maybe a stick on over the mike like those screens used over music recording mikes?