IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Alexa – what are you hearing that I can’t?

Stewart Mitchell reveals how your devices’ microphones are listening out for more than just your voice commands

Ethical dilemma

The beacons first grabbed headlines when it was revealed they could be hidden in television or radio content such as adverts which would alert companies which users watched certain programs. For the first time, companies could even get a picture of which channels or shows were being watched by individual viewers with or without their permission.

"Where traditional broadcasting via terrestrial, satellite or cable signals previously provided anonymity to a recipient, local media selection becomes observable," the researchers said. "Someone using beacons can precisely link watching even sensitive content such as adult movies to a single individual even at varying locations."

The ultrasonic signals also enable app developers to work out which devices belong to the same individual. For example, if two devices regularly register the same beacons, then the app owner would know that the handsets likely belong to the same person. "Beacons could be used to link together private and business devices of a user, if they receive the same ultrasonic signal, thereby providing a potential infection vector for targeted attacks," said Quiring.

The German researchers highlight that beacons also enable an adversary to track user movement indoors without requiring GPS, revealing where and when an individual goes in a store or hotel, for example, while anyone with access to the data can also learn when people are meeting or are in close proximity to one another.

Security services

Given the publicised capabilities of security services, there are also concerns that inaudible sound waves could prove a useful tool for snooping on or identifying members of the public, particularly against those that are using VPNs or Tor to remain anonymous.

"One of the attacks we identified affects anonymous communication systems," said Vasilios Mavroudis, doctoral researcher in the Information Security Group at the University College London. "Imagine a user uses Tor on their home computer to browse the web anonymously and has left their mobile phone nearby, and the phone features an app periodically listening for ultrasound beacons for tracking. If one of the websites has been compromised and emits ultrasounds, that unique ultrasound beacon is picked up by the app in the phone, which reports it back to the tracking company."

With this information, Mavroudis says, security officials could ask for a warrant demanding the tracking company provides details of the users reporting the specific beacon ID.

According to Mavroudis, who has created a Chrome extension (SilverDog) that blocks inaudible data, audio technology could also move beyond announcing "I'm here" and carry potentially dangerous data streams which would evade conventional security software. "At first, it was simply a unique identifier corresponding to the content or the location where the beacon was emitted from," said Mavroudis. "However, the ecosystem is fast evolving and full communication stacks will be soon made available."

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Most Popular

Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Microsoft finally adds Power BI integrations to PowerPoint and Outlook
business intelligence (BI)

Microsoft finally adds Power BI integrations to PowerPoint and Outlook

25 May 2022