Alexa – what are you hearing that I can’t?

Stewart Mitchell reveals how your devices’ microphones are listening out for more than just your voice commands

Ethical dilemma

The beacons first grabbed headlines when it was revealed they could be hidden in television or radio content such as adverts which would alert companies which users watched certain programs. For the first time, companies could even get a picture of which channels or shows were being watched by individual viewers with or without their permission.

"Where traditional broadcasting via terrestrial, satellite or cable signals previously provided anonymity to a recipient, local media selection becomes observable," the researchers said. "Someone using beacons can precisely link watching even sensitive content such as adult movies to a single individual even at varying locations."

The ultrasonic signals also enable app developers to work out which devices belong to the same individual. For example, if two devices regularly register the same beacons, then the app owner would know that the handsets likely belong to the same person. "Beacons could be used to link together private and business devices of a user, if they receive the same ultrasonic signal, thereby providing a potential infection vector for targeted attacks," said Quiring.

The German researchers highlight that beacons also enable an adversary to track user movement indoors without requiring GPS, revealing where and when an individual goes in a store or hotel, for example, while anyone with access to the data can also learn when people are meeting or are in close proximity to one another.

Security services

Given the publicised capabilities of security services, there are also concerns that inaudible sound waves could prove a useful tool for snooping on or identifying members of the public, particularly against those that are using VPNs or Tor to remain anonymous.

"One of the attacks we identified affects anonymous communication systems," said Vasilios Mavroudis, doctoral researcher in the Information Security Group at the University College London. "Imagine a user uses Tor on their home computer to browse the web anonymously and has left their mobile phone nearby, and the phone features an app periodically listening for ultrasound beacons for tracking. If one of the websites has been compromised and emits ultrasounds, that unique ultrasound beacon is picked up by the app in the phone, which reports it back to the tracking company."

With this information, Mavroudis says, security officials could ask for a warrant demanding the tracking company provides details of the users reporting the specific beacon ID.

According to Mavroudis, who has created a Chrome extension (SilverDog) that blocks inaudible data, audio technology could also move beyond announcing "I'm here" and carry potentially dangerous data streams which would evade conventional security software. "At first, it was simply a unique identifier corresponding to the content or the location where the beacon was emitted from," said Mavroudis. "However, the ecosystem is fast evolving and full communication stacks will be soon made available."

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Most Popular

The benefits of workload optimisation

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
IT Pro Panel: Why IT leaders need soft skills
professional development

IT Pro Panel: Why IT leaders need soft skills

26 Jul 2021