Stories
Slash Boxes
Comments

SoylentNews is people

Ultrasound Tracking Could be Used to Deanonymize Tor Users

posted by on Monday January 09 2017, @11:37AM   Printer-friendly
from the it's-the-NSA,-not-a-mosquito dept.

Arthur T Knackerbracket has found the following story:

Ultrasounds emitted by ads or JavaScript code hidden on a page accessed through the Tor Browser can deanonymize Tor users by making nearby phones or computers send identity beacons back to advertisers, data which contains sensitive information that state-sponsored actors can easily obtain via a subpoena.

This attack model was brought to light towards the end of 2016 by a team of six researchers, who presented their findings at the Black Hat Europe 2016 security conference in November and the 33rd Chaos Communication Congress held last week.

Their research focuses on the science of ultrasound cross-device tracking (uXDT), a new technology that started being deployed in modern-day advertising platforms around 2014.

uXDT relies on advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that get picked up by the microphone of nearby laptops, desktops, tablets or smartphones.

These second-stage devices, who silently listen in the background, will interpret these ultrasounds, which contain hidden instructions, telling them to ping back to the advertiser's server with details about that device.

-- submitted from IRC

Original Submission

 
This discussion has been archived. No new comments can be posted.
Ultrasound Tracking Could be Used to Deanonymize Tor Users | Log In/Create an Account | Top | 44 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by jmoschner on Monday January 09 2017, @12:52PM

    by jmoschner (3296) on Monday January 09 2017, @12:52PM (#451419)

    Can most cheap speakers even produce audio in that range?

    Even if they could, can't you add a software or hardware filter to remove ultrasonic sounds from the line to the speakers?

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 4, Insightful) by physicsmajor on Monday January 09 2017, @01:45PM

    by physicsmajor (1471) on Monday January 09 2017, @01:45PM (#451441)

    Not a bad thought, but the issue is that for a huge part of the population the audible range is a fantasy - most adults can't hear above 12-15kHz. But speakers are almost uniformly able to produce up through 20 kHz. And unlike adult ears, your phone can hear up there no problem.

    • (Score: 1, Insightful) by Anonymous Coward on Tuesday January 10 2017, @12:07AM

      by Anonymous Coward on Tuesday January 10 2017, @12:07AM (#451763)

      That is why god created band-pass filters.

    • (Score: 2) by Osamabobama on Tuesday January 10 2017, @12:23AM

      by Osamabobama (5842) on Tuesday January 10 2017, @12:23AM (#451776)

      A few days ago I was trying to explain to my young daughter what a millisecond was. I searched YouTube for the sound of a 1kHz square wave and then explained that there is a click every millisecond. Of course, the sound was a tone, but I digress...

      The video went on to play higher frequencies, and at 12KHz I could barely discern any sound while she heard it clearly. Wear your earplugs, kids.

      --
      Appended to the end of comments you post. Max: 120 chars.

  • (Score: 2) by inertnet on Monday January 09 2017, @03:40PM

    by inertnet (4071) on Monday January 09 2017, @03:40PM (#451482) Journal

    And while you're at it, create a warning system that beeps (...) when a browser or other non whitelisted software tries to make those sounds. So we can take action against the creators.