Our world is dominated by telecoms. It seems we are followed day and night by advertisers and marketing attempts, you may be weary and a little jaded to the idea of more intrusion in your life.
Our devices are always on, always with us and ever-present in our personal lives. If that weren’t enough, we are followed around the web by tracking devices hidden in websites and helped by cookies on our computers.
But what if I told you that there was another threat and one that is possibly more sinister and secretive than these?
Recently, researchers have uncovered a network of snooping using your mobile device and hundreds of other devices around you, from other telephones, computers, televisions and special devices in department stores.
Ultrasonic Snooping
The truth is, your phone may be snooping on you in ways that you never dreamed about.
The technology is called Ultrasonic Cross-Device Tracking.
High-frequency tones, so high in pitch that you cannot hear them are being embedded in websites, television commercials and even in beacons placed in shops and shopping centres.
These tones can then be heard by any smart device with a microphone. Your mobile telephone for example.
Advertisers can then build an accurate picture of where you’ve been, what shops you’ve visited and even what adverts you have been exposed to. The snooping can even expose what television programmes you’ve been watching and websites you’ve visited.
Permissions
Currently, if you use an Android or iOS device, then you will have to explicitly give that application permission to use the microphone.
The problem lies in the fact that users often grant applications permissions that they don’t need without even a second thought.
When did you last read the full release notes for the app you downloaded?
And it’s more complicated than that to monitor – on Android, the current standard is to reset all permissions each time the app is updated, so a simple update can re-grant microphone access to an app that you had previously denied.
Security Concerns
Whilst the data rate that ultrasonic cross device tracking can maintain is very very low, it’s still enough to transmit enough personal data to identify you and your device.
An app that is listening on your phone can identify you within several metres of a transmitting ultrasonic beacon or television.
Websites that you have visited can be recorded and the concerns go further.
This is a technology that potentially de-anonymises transactions that were otherwise anonymous. In simple language that means Tor browser users are exposed and Bitcoin transactions could potentially be traced or intercepted.
Industry Standards
In an industry that is constantly evolving, regulations and standards form a framework around which developers and device manufacturers conform to.
However, ultrasonic cross device tracking is an emerging technology that some might say ‘piggy-backs’ on top of existing technology and, currently at least, avoids any regulation.
That makes it difficult to identify proprietary applications that use this technology because the implementation is different in every case.
Final Thoughts And Concerns
Whilst you can combat this to some extent by keeping a keen eye on what applications use your microphone, you’re not out of the woods.
Clever implementations have sought to employ sensor devices such as accelerometers that are embedded in most mobile phones now, and these can act equally well as an ultrasonic microphone.
To everything, there is a cost...