Ultrasonic Beacons Are Tracking Your Every Movement

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
More than 200 Android mobile applications listen surreptitiously for ultrasonic beacons embedded in audio that are used to track users and serve them with targeted advertising.

Academics from Technische Universitat Braunschweig in Germany recently published a paper in which they describe their research into the practice of using these beacons to monitor a consumer’s shopping and possibly television viewing habits in order to serve them relevant advertising. The researchers raise a number of privacy concerns about such tracking, and how adversaries can abuse it to deduce a person’s physical location, and even theoretically de-anonymize their use of the Tor browser or crytocurrency such as Bitcoin.

“Recently, several companies have started to explore new ways to track user habits and activities with ultrasonic beacons,” researchers Daniel Arp, Erwin Quiring, Christian Wressnegger and Konrad Rieck wrote in “Privacy Threats Through Ultrasonic Side Channles on Mobile Devices.” “In particular, they embed these beacons in the ultrasonic frequency range between 18 and 20 kHz of audio content and detect them with regular mobile applications using the device’s microphone.”
The mobile user has no knowledge this is happening; the researchers found this behavior in 234 Android apps, up from 39 in 2015.

The researchers analyzed 140 hours of media data from TV streams and audio content. Four of 35 stores visited in two European cities used beacons for tracking, they wrote. While no TV streams included these beacons, the researchers believe it’s only a matter of time before this technology is used in commercials and marketers can track a user’s viewing habits. These beacons can also be used to link those habits to a mobile device.

“We conclude that even if the tracking through TV content is not actively used yet, the monitoring functionality is already deployed in mobile applications and might become a serious privacy threat in the near future,” the researchers wrote.

The paper presents a means for detecting these beacons, as well as a study of three mobile applications that listen for them: Shopkick, Lisnr and SilverPush. Shopkick, for example, has a number of commercial partners and offers users targeted rewards as they’re walking through a merchant’s door.

“In contrast to GPS, loudspeakers at the entrance emit an audio beacon that lets Shopkick precisely determine whether the user walked into a store,” the researchers wrote.

Other apps such as Lisnr and Signal360 get location-specific content from the beacons, including coupons and vouchers.

“Once the user has installed these applications on her phone, she neither knows when the microphone is activated nor is she able to see which information is sent to the company servers,” the researchers wrote.

Silverpush, meanwhile, could accelerate the adoption of these beacons in television commercials; the developers have filed a patent for this purpose, allowing the app to track a user’s viewing habits.

“In contrast to other tracking products, however, the number and the names of the mobile applications carrying this functionality are unknown,” the researchers wrote. “Therefore, the user does not notice that her viewing habits are monitored and linked to the identity of her mobile devices.”

The paper singles out a number of privacy threats posed by these beacons. In addition to linking identities to viewing habits, such media tracking could also expose a person’s political leanings or other personal preferences.

Adversaries can also abuse these beacons and learn about multiple devices linked to the same individual, facilitating targeted attacks, for example. The technology also allows for location tracking without the need for GPS.

The researchers also caution that the side-channel could also disclose a relationship between an individual’s Bitcoin address and their mobile phone, or similarly link usage of the Tor browser to a device.

“An adversary is able to obtain a detailed, comprehensive user profile by creating an ultrasonic side channel between the mobile device and an audio sender,” the researchers conclude. “Throughout our empirical study, we confirm that audio beacons can be embedded in sound, such that mobile devices spot them with high accuracy while humans do not perceive the ultrasonic signals consciously.”
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
I found an interesting research paper explaining the use, method and calculations the Ultrosonic Beacons implementation employs for locating (different from the traditional GPS as obvious):
Alarge number of popular positioning systems in the literature employ techniques that use range data to calculate the position of a mobile device. This data is given as a set of measured distances from a mobile device to a number of reference nodes. Given that the locations of the reference nodes are known, it is possible to use a form of multilateration to calculate the position of the mobile device (Figure 1). To measure these distances, most systems use the time of ight of a broadcast signal such as radio or ultrasound. In the case of the Global Positioning System, radio signals are transmitted by satellites orbiting the earth (these are the reference nodes). A mobile receiver decodes the time of transmission from within the signal and subtracts it from the signal's reception time. The resulting time-of-ight is multiplied by the speed of light to give the distance to the source of the signal. Ultrasonic positioning systems work in a similar fashion to GPS; however, rather than use radio and the speed of light, they use ultrasound and the speed of sound through air. Some of these systems use a combination of radio and ultrasound [5,6] to measure time-of-ight, while others use purely ultrasound [8]. The method that we employ is different. Specically, we do not use a time-of-ight technique based on range information. Instead, we use shifts in the reception times of periodically transmitted signals as input to a form of Doppler positioning. The measured shifts are related to the movement of the mobile receiver, relative to the ultrasound beacons xed within the infrastructure. (It is important to note that we use the Dopplershift of the periodic signal, not the Doppler-shift of the ultrasonic carrier signal.)
Needless to say, this is scary, and beyond carefully selecting or controlling the applications in traditional ways. I am not sure though, if managing or revoking permissions or similar preventive methods will help eliminate chances here.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
And advertisers wonder why people use ad blockers. Doesn't prevent this kind of tracking but I fail to see why I should provide funding to their industry when I don't get a choice in the matter or are even informed about the practice.
 
  • Like
Reactions: Deletedmessiah

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
I did some more research into this and it's actually not too concerning. First, it requires the app to be granted permission to use the microphone, so if you're on a newer version of Android you can deny mic access to anything that doesn't require it to function and secondly, the app has to be open to take advantage of it; it would require a persistent notification to use the mic in the background which would be a huge giveaway.
 
  • Like
Reactions: Parsh

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top