Stories
Slash Boxes
Comments

SoylentNews is people

posted by on Monday January 09 2017, @11:37AM   Printer-friendly
from the it's-the-NSA,-not-a-mosquito dept.

Ultrasounds emitted by ads or JavaScript code hidden on a page accessed through the Tor Browser can deanonymize Tor users by making nearby phones or computers send identity beacons back to advertisers, data which contains sensitive information that state-sponsored actors can easily obtain via a subpoena.

This attack model was brought to light towards the end of 2016 by a team of six researchers, who presented their findings at the Black Hat Europe 2016 security conference in November and the 33rd Chaos Communication Congress held last week.

Their research focuses on the science of ultrasound cross-device tracking (uXDT), a new technology that started being deployed in modern-day advertising platforms around 2014.

uXDT relies on advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that get picked up by the microphone of nearby laptops, desktops, tablets or smartphones.

These second-stage devices, who silently listen in the background, will interpret these ultrasounds, which contain hidden instructions, telling them to ping back to the advertiser's server with details about that device.

-- submitted from IRC


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by canopic jug on Monday January 09 2017, @03:27PM

    by canopic jug (3949) Subscriber Badge on Monday January 09 2017, @03:27PM (#451476) Journal

    It can't be done because you can't patch fast enough. Every time there is enough data accumulated to create a profile or signature for the malware, it is too late.

    --
    Money is not free speech. Elections should not be auctions.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by MrGuy on Monday January 09 2017, @03:42PM

    by MrGuy (1007) on Monday January 09 2017, @03:42PM (#451483)

    Tell me why this same argument doesn't imply antivirus in general is useless.

    • (Score: 3, Informative) by canopic jug on Monday January 09 2017, @04:04PM

      by canopic jug (3949) Subscriber Badge on Monday January 09 2017, @04:04PM (#451488) Journal
      That is the point. Anti-virus is proven useless and, often, harmful. The alternative is using more robust systems. That excludes M$ and web browser Javascript
      --
      Money is not free speech. Elections should not be auctions.
      • (Score: 2) by MrGuy on Monday January 09 2017, @05:02PM

        by MrGuy (1007) on Monday January 09 2017, @05:02PM (#451506)

        Life would be better if everyone was on a well-administered linux system and running a browser that perfectly sandboxed content and data (by the way, if you know of one, let me know).

        Fine. Point taken. But IMO it's not a terrible helpful suggestion in the real world.

        • (Score: 2) by canopic jug on Monday January 09 2017, @05:39PM

          by canopic jug (3949) Subscriber Badge on Monday January 09 2017, @05:39PM (#451530) Journal

          It depends. People didn't used to wash their hands, not even surgeons. People didn't used to handle and store food in ways now known to be safe, not even after serving. For a period there were even radioactive products on the market, some for human consumption. Things change. It's just taking a while to get around to treating computing like any other industry. Gates and his minions have a lot of people bamboozled but that may come to a turning point due to the political crisis in the US. It could turn for the better or the worse, but even if it turns for the worse, it is likely to push the rest of the world in the right direction that much harder.

          Browsers suck but a lot of the problems go away, or ameliorate slightly at least, by moving to dedicated client applications. Smartphones are already kind of pretending to go in that direction and although their "apps" are mostly wrappers for web pages it wouldn't take much to step over to making proper, dedicated applications. There are enough portable frameworks that it is not just possible but relatively easy. Statefullness and proper encryption are the first obvious improvements. There are even distribution channels (repositories, stores) with various levels of vetting for OS X, Chrome/Linux, Android/Linux, and the various GNU/Linux distros. Any of that is a step up from the situation we have now.

          --
          Money is not free speech. Elections should not be auctions.
        • (Score: 3, Interesting) by Scruffy Beard 2 on Monday January 09 2017, @09:53PM

          by Scruffy Beard 2 (6030) on Monday January 09 2017, @09:53PM (#451670)

          I have stopped suggesting anti-viruses for the average user.

          If you tell the average user that they have an anti-virus installed, they become complacent and assume it will catch anything bad.

          The Sony-BMG rootkit [wikipedia.org] scandal (never forget!) was probably my wake-up call that anti-virus software is kind of useless.