On the Privacy and Security of the Ultrasound Ecosystem

Vasilios Mavroudis; Shuang Hao; Yanick Fratantonio; Federico Maggi; Christopher Kruegel; Giovanni Vigna

Journal & Issue Details

Journal Details

Format: Journal
eISSN: 2299-0984
First Published: 16 Apr 2015
Publication timeframe: 4 times per year
Languages: English

Nowadays users often possess a variety of electronic devices for communication and entertainment. In particular, smartphones are playing an increasingly central role in users’ lives: Users carry them everywhere they go and often use them to control other devices. This trend provides incentives for the industry to tackle new challenges, such as cross-device authentication, and to develop new monetization schemes. A new technology based on ultrasounds has recently emerged to meet these demands. Ultrasound technology has a number of desirable features: it is easy to deploy, flexible, and inaudible by humans. This technology is already utilized in a number of different real-world applications, such as device pairing, proximity detection, and cross-device tracking.

This paper examines the different facets of ultrasound-based technology. Initially, we discuss how it is already used in the real world, and subsequently examine this emerging technology from the privacy and security perspectives. In particular, we first observe that the lack of OS features results in violations of the principle of least privilege: an app that wants to use this technology currently needs to require full access to the device microphone. We then analyse real-world Android apps and find that tracking techniques based on ultrasounds suffer from a number of vulnerabilities and are susceptible to various attacks. For example, we show that ultrasound cross-device tracking deployments can be abused to perform stealthy deanonymization attacks (e.g., to unmask users who browse the Internet through anonymity networks such as Tor), to inject fake or spoofed audio beacons, and to leak a user’s private information.

Based on our findings, we introduce several defense mechanisms. We first propose and implement immediately deployable defenses that empower practitioners, researchers, and everyday users to protect their privacy. In particular, we introduce a browser extension and an Android permission that enable the user to selectively suppress frequencies falling within the ultrasonic spectrum. We then argue for the standardization of ultrasound beacons, and we envision a flexible OS-level API that addresses both the effortless deployment of ultrasound-enabled applications, and the prevention of existing privacy and security problems.

Keywords

Ultrasounds
Deanonymization
Privacy Violation
Cross-device Linking

References

[1] Made in America Festival 1.0.8 app on the Play Store. https://play.google.com/store/apps/details?id=com.lisnr.festival.madeinamericaandroid, 2015.Search in Google Scholar

[2] Bluetooth Low Energy API Level 18. https://developer.android.com/guide/topics/connectivity/bluetooth-le.html, 2016.Search in Google Scholar

[3] Google Cast 1.16.7 app on the Play Store. https://play.google.com/store/apps/details?id=com.google.android.apps.chromecast.app, 2016.Search in Google Scholar

[4] Google Nearby Messages API. https://developers.google.com/nearby/messages/android/get-beacon-messages, 2016.Search in Google Scholar

[5] Google Proximity Beacon API. https://developers.google.com/beacons/proximity/guides, 2016.Search in Google Scholar

[6] History GK 5.0 app on the Play Store. https://play.google.com/store/apps/details?id=com.gktalk.history, 2016.Search in Google Scholar

[7] Indianapolis Colts Mobile 3.1.1 app on the Play Store. https://play.google.com/store/apps/details?id=com.yinzcam.nfl.colts, 2016.Search in Google Scholar

[8] Intrasonics-Artificial Echo Modulation. http://www.intrasonics.com/, 2016.Search in Google Scholar

[9] McDo Philippines app on the Play Store. https://play.google.com/store/apps/details?id=ph.mobext.mcdelivery, 2016.Search in Google Scholar

[10] Signal360’s Use Cases. http://www.signal360.com/#results, 2016.Search in Google Scholar

[11] 3GPP. 3rd generation partnership project, technical specification of international mobile station equipment identities (imei).Search in Google Scholar

[12] A. Andreadis and G. Giambene. The global system for mobile communications. Protocols for High-Efficiency Wireless Networks, pages 17–44, 2002.Search in Google Scholar

[13] anfractuosity. Ultrasound Networking. 00003.Search in Google Scholar

[14] Audible magic. https://www.audiblemagic.com/advertising/, 2016.Search in Google Scholar

[15] C. Calabrese. Comments for November 2015 Workshop on Cross-Device Tracking.Search in Google Scholar

[16] C. Castelluccia, M.-A. Kaafar, and M.-D. Tran. Betrayed by your ads! In Privacy Enhancing Technologies Symposium, pages 1–17. Springer, 2012.10.1007/978-3-642-31680-7_1Search in Google Scholar

[17] T. Chen, I. Ullah, M. A. Kaafar, and R. Boreli. Information leakage through mobile analytics services. In Proceedings of the 15th Workshop on Mobile Computing Systems and Applications, page 15. ACM, 2014.10.1145/2565585.2565593Search in Google Scholar

[18] Copsonic. http://www.copsonic.com/products.html#webtostoretracker, 2016.Search in Google Scholar

[19] L. Deshotels. Inaudible sound as a covert channel in mobile devices. In Proc. 8th USENIX Conf. Offensive Technologies, page 16.Search in Google Scholar

[20] A. Detector. Silverpush android apps. https://public.addonsdetector.com/silverpush-android-apps/, November 2015.Search in Google Scholar

[21] R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. Technical report, DTIC Document, 2004.10.21236/ADA465464Search in Google Scholar

[22] Forbes. Silverpush quits creeping world out, ceases tracking tv habits via inaudible ’beacons’. http://www.forbes.com/sites/thomasbrewster/2016/03/21/silverpush-tv-mobile-ad-tracking-killed/, March 2016.Search in Google Scholar

[23] Ftc public discussion on cross-device tracking. https://www.ftc.gov/news-events/audio-video/video/cross-device-tracking-part-1, November 2015.Search in Google Scholar

[24] D. Goodin. Beware of ads that use inaudible sound to link your phone, TV, tablet, and PC.Search in Google Scholar

[25] D. Goodin. Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps. 00004.Search in Google Scholar

[26] Google. Chromecast guest mode - guest mode faqs. https://support.google.com/chromecast/answer/6109297?hl=en, August 2016.Search in Google Scholar

[27] M. Hanspach and M. Goetz. On Covert Acoustical Mesh Networks in Air. 8(11):758–767.10.12720/jcm.8.11.758-767Search in Google Scholar

[28] Honda Electronics. Ultrasonic Aquatic Communication System.Search in Google Scholar

[29] M. Kamal. minimodem - general-purpose software audio FSK modem.Search in Google Scholar

[30] Lisnr. http://lisnr.com/platform, 2016.Search in Google Scholar

[31] Real-time bidding and malvertising: A case study. https://blog.malwarebytes.org/cybercrime/2015/04/real-time-bidding-and-malvertising-a-case-study/, April 2015.Search in Google Scholar

[32] M. Marlinspike. New tricks for defeating ssl in practice.Search in Google Scholar

[33] W. Meng, X. Xing, A. Sheth, U. Weinsberg, and W. Lee. Your online interests: Pwned! a pollution attack against targeted advertising. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 129–140. ACM, 2014.10.1145/2660267.2687258Search in Google Scholar

[34] L. Olejnik, C. Castelluccia, et al. Selling off privacy at auction. 2014.10.14722/ndss.2014.23270Search in Google Scholar

[35] G. Petracca, Y. Sun, T. Jaeger, and A. Atamli. AuDroid: Preventing Attacks on Audio Channels in Mobile Devices. In Annual Computer Security Applications Conference. ACM Press.Search in Google Scholar

[36] E. Ramirez. Transcript - Part 1. In FTC Cross-Device Tracking Workshop.Search in Google Scholar

[37] E. Ramirez. Transcript - Part 2. In FTC Cross-Device Tracking Workshop.Search in Google Scholar

[38] C. Roeding and A. Emigh. Method and system for location-triggered rewards, July 16 2013. US Patent 8,489,112.Search in Google Scholar

[39] Shopkick. https://www.shopkick.com/, June 2016.Search in Google Scholar

[40] Signal360. http://www.signal360.com/#solution, 2016.Search in Google Scholar

[41] A. Silverman. Colts to begin using lisnr technology to reach fans’ mobile devices at games, events. http://www.sportsbusinessdaily.com/Daily/Issues/2016/07/19/Franchises/Colts.aspx, July 2016.Search in Google Scholar

[42] Silverpush. https://www.silverpush.co/#!/audio, 2015.Search in Google Scholar

[43] A. K. Sood and R. J. Enbody. Targeted cyberattacks: a superset of advanced persistent threats. IEEE security & privacy, (1):54–61, 2013.Search in Google Scholar

[44] Sophos. Users weighed down by multiple gadgets and mobile devices, new sophos survey reveals. https://www.sophos.com/en-us/press-office/press-releases/2013/03/mobile-security-survey.aspx, March 2013.Search in Google Scholar

[45] X. Su and T. M. Khoshgoftaar. A survey of collaborative filtering techniques. Advances in artificial intelligence, 2009:4, 2009.10.1155/2009/421425Search in Google Scholar

[46] V. Subramanian, S. Uluagac, H. Cam, and R. Beyah. Examining the characteristics and implications of sensor side channels. In Communications (ICC), 2013 IEEE International Conference on, pages 2205–2210. IEEE.10.1109/ICC.2013.6654855Search in Google Scholar

[47] Tchirp. http://www.tchirp.com/#theTech, 2016.Search in Google Scholar

[48] P. Winter, R. Köwer, M. Mulazzani, M. Huber, S. Schrittwieser, S. Lindskog, and E. Weippl. Spoiled Onions: Exposing Malicious Tor Exit Relays. In Privacy Enhancing Technologies Symposium. Springer, 2014.10.1007/978-3-319-08506-7_16Search in Google Scholar

[49] X. Xing, W. Meng, D. Doozan, A. C. Snoeren, N. Feamster, and W. Lee. Take this personally: Pollution attacks on personalized services. In Proceedings of the 22nd USENIX Security Symposium, 2013.Search in Google Scholar

[50] J. Yan, N. Liu, G. Wang, W. Zhang, Y. Jiang, and Z. Chen. How much can behavioral targeting help online advertising? In Proceedings of the 18th international conference on World wide web, pages 261–270. ACM, 2009.10.1145/1526709.1526745Search in Google Scholar

[51] Y. Yuan, F. Wang, J. Li, and R. Qin. A survey on real time bidding advertising. In Service Operations and Logistics, and Informatics (SOLI), 2014 IEEE International Conference on, pages 418–423. IEEE, 2014.10.1109/SOLI.2014.6960761Search in Google Scholar

[52] W. Zhang, L. Chen, and J. Wang. Implicit look-alike modelling in display ads: Transfer collaborative filtering to ctr estimation. arXiv preprint arXiv:1601.02377, 2016.Search in Google Scholar

Proceedings on Privacy Enhancing Technologies

On the Privacy and Security of the Ultrasound Ecosystem

Vasilios Mavroudis,Vasilios MavroudisShuang Hao,Shuang HaoYanick Fratantonio,Yanick FratantonioFederico Maggi,Federico MaggiChristopher Kruegel andChristopher KruegelGiovanni VignaGiovanni Vigna

Published Online: 04 Apr 2017

Page range: 95 - 112

Received: 31 Aug 2016

Accepted: 01 Dec 2016

Keywords

Plan your remote conference with Sciendo

Vasilios Mavroudis,
Vasilios Mavroudis
Shuang Hao,
Shuang Hao
Yanick Fratantonio,
Yanick Fratantonio
Federico Maggi,
Federico Maggi
Christopher Kruegel and
Christopher Kruegel
Giovanni Vigna
Giovanni Vigna