Alexa – what are you hearing that I can’t?

Stewart Mitchell reveals how your devices’ microphones are listening out for more than just your voice commands

Ethical dilemma

The beacons first grabbed headlines when it was revealed they could be hidden in television or radio content such as adverts which would alert companies which users watched certain programs. For the first time, companies could even get a picture of which channels or shows were being watched by individual viewers with or without their permission.

"Where traditional broadcasting via terrestrial, satellite or cable signals previously provided anonymity to a recipient, local media selection becomes observable," the researchers said. "Someone using beacons can precisely link watching even sensitive content such as adult movies to a single individual even at varying locations."

The ultrasonic signals also enable app developers to work out which devices belong to the same individual. For example, if two devices regularly register the same beacons, then the app owner would know that the handsets likely belong to the same person. "Beacons could be used to link together private and business devices of a user, if they receive the same ultrasonic signal, thereby providing a potential infection vector for targeted attacks," said Quiring.

The German researchers highlight that beacons also enable an adversary to track user movement indoors without requiring GPS, revealing where and when an individual goes in a store or hotel, for example, while anyone with access to the data can also learn when people are meeting or are in close proximity to one another.

Security services

Given the publicised capabilities of security services, there are also concerns that inaudible sound waves could prove a useful tool for snooping on or identifying members of the public, particularly against those that are using VPNs or Tor to remain anonymous.

Advertisement
Advertisement - Article continues below

"One of the attacks we identified affects anonymous communication systems," said Vasilios Mavroudis, doctoral researcher in the Information Security Group at the University College London. "Imagine a user uses Tor on their home computer to browse the web anonymously and has left their mobile phone nearby, and the phone features an app periodically listening for ultrasound beacons for tracking. If one of the websites has been compromised and emits ultrasounds, that unique ultrasound beacon is picked up by the app in the phone, which reports it back to the tracking company."

With this information, Mavroudis says, security officials could ask for a warrant demanding the tracking company provides details of the users reporting the specific beacon ID.

According to Mavroudis, who has created a Chrome extension (SilverDog) that blocks inaudible data, audio technology could also move beyond announcing "I'm here" and carry potentially dangerous data streams which would evade conventional security software. "At first, it was simply a unique identifier corresponding to the content or the location where the beacon was emitted from," said Mavroudis. "However, the ecosystem is fast evolving and full communication stacks will be soon made available."

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019