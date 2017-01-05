Ultrasound Tracking Could Be Used To Deanonymize Tor Users (bleepingcomputer.com) 11
New submitter x_t0ken_407 quotes a report from BleepingComputer: Ultrasounds emitted by ads or JavaScript code hidden on a page accessed through the Tor Browser can deanonymize Tor users by making nearby phones or computers send identity beacons back to advertisers, data which contains sensitive information that state-sponsored actors can easily obtain via a subpoena. This attack model was brought to light towards the end of 2016 by a team of six researchers, who presented their findings at the Black Hat Europe 2016 security conference in November and the 33rd Chaos Communication Congress held last week. Their research focuses on the science of ultrasound cross-device tracking (uXDT), a new technology that started being deployed in modern-day advertising platforms around 2014. uXDT relies on advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that get picked up by the microphone of nearby laptops, desktops, tablets or smartphones. These second-stage devices, who silently listen in the background, will interpret these ultrasounds, which contain hidden instructions, telling them to ping back to the advertiser's server with details about that device. Advertisers use uXDT in order to link different devices to the same person and create better advertising profiles so to deliver better-targeted ads in the future. The attack that the research team put together relies on tricking a Tor user into accessing a web page that contains ads that emit ultrasounds or accessing a page that contains hidden JavaScript code that forces the browser to emit the ultrasounds via the HTML5 Audio API.
Wont work for me either (Score:2)
The only microphone I have is the microphone in my Nokia N900 and I doubt the N900 and its ancient web browser could run any of whatever backend code has to listen for the special sound.
Just when you thought (Score:2)
ads couldn't be any fucking worse...
Speakers (Score:1)
I doubt my crappy speakers can emit anything in that frequency. Even then, my phone's mic is not probably up to the task.
Besides, I'm sure those who are worried could buy/build a filter to remove audio in that frequency.
How to block (Score:1)
What devices/apps listen, and how do I disable them?
Is this theoretical? (Score:2)
I understand this is theoretically possible but what speakers in these devices have powerful ultrasonic blasters? Unless they're doing some form of distance measuring, the majority of speakers is limited well under 18kHz with the response curve dropping sharply after that.
so they're emitting tracking ultrasound :( (Score:1)
this is bullshit. a cop / law enforcement could use this to walk around and receive identity information without even needing to interferometry scan your brain/DNA/pocket book full of ID/credit cards/cellphone etc.
this also enables low tech citizens to perform the same feat. often times once a low tech person has info about you such as tracking ID, IP address, phone number, address, name, social security number, date of birth+location information, or email address they can take that to databases and find ou