Date: 2010-07-20
Bunnie Huang has published a reference design for a near-ultrasound data link.
We were requested to investigate “near ultrasound” (NUS) links as part of our research on developing the Simmel reference design for a privacy-preserving COVID-19 contact tracing device. After a month of poking at it, the TL;DR is that, as suspected, the physics of NUS is not conducive to reliable contact tracing. While BLE has the problem that you have too many false positive contacts, NUS has the problem of too many false negatives: pockets, purses, and your own body can effectively block the signal.
That being said, we did develop a pretty decent-performing NUS data link, so we’ve packed up what we did into an open source reference design that you can clone and use in your own projects.
(2020) Your Apps Can Pick Up Ultrasonic Signals You Can't Hear
(2017) Ultrasound Tracking Could be Used to Deanonymize Tor Users
Ultrasounds emitted by ads or JavaScript code hidden on a page accessed through the Tor Browser can deanonymize Tor users by making nearby phones or computers send identity beacons back to advertisers, data which contains sensitive information that state-sponsored actors can easily obtain via a subpoena.
This attack model was brought to light towards the end of 2016 by a team of six researchers, who presented their findings at the Black Hat Europe 2016 security conference in November and the 33rd Chaos Communication Congress held last week.
Their research focuses on the science of ultrasound cross-device tracking (uXDT), a new technology that started being deployed in modern-day advertising platforms around 2014.
uXDT relies on advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that get picked up by the microphone of nearby laptops, desktops, tablets or smartphones.
These second-stage devices, which silently listen in the background, will interpret these ultrasounds, which contain hidden instructions, telling them to ping back to the advertiser's server with details about that device.
High-frequency audio could be used to stealthily track netizens
Technical folks looking to improve web privacy haven't been able to decide whether sound beyond the range of human hearing poses enough of a privacy risk to merit restriction.
People can generally hear audio frequencies ranging from 20 Hz to 20,000 Hz, though individual hearing ranges vary. Audio frequencies below and above the threshold of human hearing are known as infrasound and ultrasound, respectively.
[...] A warning from America's trade watchdog, the FTC, in 2016 and research published the following year identifying 234 Android apps listening covertly for ultrasound beacons, helped discourage inaudible tracking.
Several of the companies called out for these privacy-invading practices, such as SilverPush, have moved on to other sorts of services. But the ability to craft code that communicates silently with mobile devices through inaudible sound remains a possibility, both for native apps and web apps. Computer security researchers continue to find novel ways to use inaudible audio for data exfiltration. And ultrasound is still used for legitimate operations – Google's Cast app, for example, relies on an ultrasonic token when pairing with a nearby Chromecast.
[...] Weiler raised the subject three weeks ago – one element in a larger debate about reducing the fingerprinting surface of the Web Audio API. And last week, the discussion thread was closed by Raymond Toy, a Google software engineer and co-chair of the W3C's Audio Working Group.
Toy argued that if a developer is allowed to use a specific audio sampling rate, no additional permission should be required – few users enjoy dealing with permission prompts, after all. And other web developers participating in the debate expressed concern that limiting available frequency ranges could introduce phase shifting or latency and that there's no sensible lower or upper threshold suitable for everyone.
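A defender-side check for the inaudible beacons the excerpts above describe, as an added example that is not code from any of the quoted articles or from the reference design: it scans PCM audio for tones just below 20,000 Hz using the Goertzel algorithm. The 18–20 kHz band, the 48 kHz sample rate, the threshold and the test clip are all assumptions chosen for illustration.

```python
import math

NUS_BAND_HZ = (18_000, 20_000)   # near-ultrasound band probed (assumed range)
FRAME = 192                      # at 48 kHz: 4 ms frames, 250 Hz per DFT bin

def goertzel_amplitude(frame, sample_rate, freq):
    """Estimate the amplitude of one frequency in one frame (Goertzel)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / sample_rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 2.0 * math.sqrt(max(power, 0.0)) / len(frame)

def band_peak(frame, sample_rate, band=NUS_BAND_HZ):
    """Largest tone amplitude on the bin-spaced probes inside the band."""
    step = sample_rate // len(frame)
    return max(goertzel_amplitude(frame, sample_rate, f)
               for f in range(band[0], band[1] + 1, step))

def find_nus_activity(samples, sample_rate, threshold=0.02):
    """Return merged (start_s, end_s) intervals where the band exceeds
    threshold (amplitude relative to full scale; assumed value)."""
    hits = []
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        if band_peak(samples[start:start + FRAME], sample_rate) >= threshold:
            t0, t1 = start / sample_rate, (start + FRAME) / sample_rate
            if hits and abs(hits[-1][1] - t0) < 1e-9:
                hits[-1] = (hits[-1][0], t1)   # extend the previous interval
            else:
                hits.append((t0, t1))
    return hits

def constructed_clip(sample_rate=48_000, seconds=0.6):
    """Constructed test audio: a loud audible 1 kHz tone, plus a quiet
    18.5 kHz tone present only between 0.2 s and 0.4 s."""
    on, off = sample_rate // 5, 2 * sample_rate // 5
    out = []
    for n in range(int(sample_rate * seconds)):
        t = n / sample_rate
        x = 0.5 * math.sin(2 * math.pi * 1_000 * t)
        if on <= n < off:
            x += 0.05 * math.sin(2 * math.pi * 18_500 * t)
        out.append(x)
    return out

if __name__ == "__main__":
    print(find_nus_activity(constructed_clip(), 48_000))
```

On real recordings the input must be sampled above 40 kHz for this band to be represented at all, and the threshold needs tuning against the room's own high-frequency noise.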