Slashdot Mirror


Serious Hacks Possible Through Inaudible Ultrasound (newscientist.com)

An anonymous reader writes: "High-frequency audio 'beacons' are embedded into TV commercials or browser ads," reports New Scientist. "These sounds, which are inaudible to the human ear, can be picked up by any nearby device that has a microphone and can then activate certain functions on that device...Some shopping reward apps, such as Shopkick, already use it to let retailers push department or aisle-specific ads and promotions to customers' phones as they shop."

But now Fortune reports that some apps "often actively listen for ultrasound signals, even when the app itself is closed, creating a new and relatively poorly-understood pathway for hacking." In addition, security researchers "have already found ways to mine cloaked IP addresses. Speaking to New Scientist, team member Vasilios Mavroudis suggests that an app's always-on microphone access could be leveraged to monitor conversations (and, if you're not paranoid already, to decipher what you're typing). The 'beacons' that transmit ultrasound data can also be spoofed to manipulate apps' user data."

109 comments

  1. Atomic Controls. by 0100010001010011 · · Score: 1

    Program LudditeApp wants access to the microphone?

    Approve / Deny.

    1. Re:Atomic Controls. by Joce640k · · Score: 1

      I guess anybody who:
      a) Installs an app called "Shopkick".
      and,
      b) Doesn't uninstall it instantly after the very first shopping-aisle-related advert beeps at them.

      deserves all they get.

      --
      No sig today...
    2. Re:Atomic Controls. by AmiMoJo · · Score: 3, Interesting

      Seems like it wouldn't work on many phones anyway. The last two versions of Android have doze, which prevents apps listening all the time (the "OK Google" detection is hardware based and inaccessible to apps). Many phones have the mic input designed to cut ultrasound too, for better recording quality.

      Reminds me of those Bluetooth spamming devices you can buy. They claim to be effective but actually 99% of phones don't broadcast Bluetooth pairing requests or accept unrequested connections.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Atomic Controls. by Solandri · · Score: 1

      Program NameThatSongApp wants access to the microphone.

      Approve

      (Unbeknownst to the user, the app also constantly listens for secret ultrasonic commands)

      Functions which are invisible to the user should always have a master on/off switch, preferably physical, or some sort of non-defeatable indicator that they are in use. The two main culprits here are the camera and microphone. It's also the rationale for things like a light to indicate hard drive activity which oh so many laptop vendors seem anxious to eliminate.

    4. Re:Atomic Controls. by Anonymous Coward · · Score: 0

      Several ways to get "shopkick" or whatever onto phones:
      * embed into a popular game
      * pay carriers/phone sellers to preload it
      * campaign where shoppers get a discount for showing they have this "shopkick" installed.
      * some people want to be told about rebates . . .

    5. Re:Atomic Controls. by Anonymous Coward · · Score: 0

      I use a dumbphone. Talk, text, calendar, and it costs 1/20 of the price of a smartphone. Plus I save on not having a data plan to pay for.

      People make fun of me. But I don't get hacked. And I have more money.

    6. Re:Atomic Controls. by Dutch+Gun · · Score: 2

      Another point I haven't heard anyone mentioning. It's possible these ultrasound beacons might be very uncomfortable for animals that have exceptional hearing range and sensitivity, such as seeing-eye dogs. If so, this sort of thing might actually run afoul of ADA laws.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    7. Re:Atomic Controls. by Anonymous Coward · · Score: 0

      OK... for your average user: Program LudditeApp wants access to the microphone?

      Deny.

      (5 minutes later): Program LudditeApp wants access to the microphone?

      Deny!

      (5 minutes later): Program LudditeApp wants access to the microphone?

      DENY!

      (5 minutes later): Program... ok, ok damnit, anything to make you shut up!!!

    8. Re:Atomic Controls. by Dutch+Gun · · Score: 1

      Several ways to get "shopkick" or whatever onto phones:
      * embed into a popular game
      * pay carriers/phone sellers to preload it

      Have you heard about any of these nefarious methods being used in practice, or is that just hypothetical? Because I'm reasonably sure that unless I give an app explicit permissions, a normal app can't simply install random adware to run in the background and listen to the microphone. Smartphone OSes silo apps pretty well, unlike traditional PC-based OS permission models.

      Besides, it would be difficult to hide something like this, and would likely kick off a massive shitstorm once it was inevitably discovered (e.g. Lenovo & Superfish).

      --
      Irony: Agile development has too much inertia to be abandoned now.
    9. Re:Atomic Controls. by Anonymous Coward · · Score: 0

      Anyone remember the notification based ads from a few years ago from places like AirPush which became commonplace until Google stepped in and not just made rules, but allowed users to mute apps? Same thing. A user installs some generic fleshlight app from the Play Store that asks for every permission under the sun (realistically, what apps -don't- ask for everything?), and what comes with that is additional software. This is a lot like websites are today. Most allow third parties to do what they feel like in return for a few pennies every month. Similar with some apps. Include a third party module from some place that might toss you a few bucks if lucky, and the app developer has zero clue of what the included functionality is.

      With GPS locations, it is trivial to turn on the app and have it run in selected areas to listen to the mic, while when not at S-Mart, the app doesn't launch an activity and is quiescent, to save on battery life.

    10. Re:Atomic Controls. by Anonymous Coward · · Score: 0

      I use a "dumb" flip-phone. It has a hard power button, removable battery, micro SD slot, and headphone jack.

    11. Re:Atomic Controls. by Dutch+Gun · · Score: 1

      Good point. Still, there are two parts to this story - first, that app makers will try to get away with anything and everything, and second, that Google (and certainly Apple) will step in when they're perceived as crossing the line, as they don't want to damage their own ecosystem's reputation.

      Also, finding apps that don't ask for every permission under the sun is certainly possible if you're willing to dig a bit. Unfortunately, my guess is that most people don't pay attention to this, or really don't understand the significance of the permissions they're granting.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    12. Re: Atomic Controls. by Anonymous Coward · · Score: 0

      No they don't deserve it. Not all users are as smart as you but they need to be protected by legislation.

    13. Re:Atomic Controls. by AK+Marc · · Score: 1

      Doesn't let it run in the background, and that's easily controllable.

    14. Re:Atomic Controls. by Anonymous Coward · · Score: 0

      Also, finding apps that don't ask for every permission under the sun is certainly possible if you're willing to dig a bit. Unfortunately, my guess is that most people don't pay attention to this, or really don't understand the significance of the permissions they're granting.

      There are other times where this can be impossible.

      My in-laws had a laser printer that they had ended up not using. When ours quit, they gave it to us. When I tried to install the printer's app on my wife's smartphone, it wanted access to EVERYTHING. No need of it. No need to access the contact list, or anything else like that. If we had bought it, I would have returned it. Left with the option of allowing access to everything, or not printing from the phone. (We went with the second option.)

      We had an alarm system installed in the house. After it was done, and I looked up the app that works with it, I found that it also wanted access to everything on my phone. I felt like calling the installer back to remove it. Wife glared at me. (I was away a lot at the time we got it, and she was the one that wanted it.)

      Making an app that requires access to something it should not need access to should be in violation of privacy laws. They get away with it, because they do ask permission. There are many apps I would like, but I have said no to because of the access requests.

    15. Re:Atomic Controls. by Anonymous Coward · · Score: 0

      The only real solution I've found is something like XPrivacy which allows an app to have the permissions it wants... but it will get bogus data back. GPS will be a static point, mic data is useless, songs and contacts are randomly generated, camera is black, etc. Otherwise, apps either don't run, or run degraded if they don't get the wide-open stuff demanded.

    16. Re:Atomic Controls. by Anonymous Coward · · Score: 0

      I had a dinosaur flip-phone. For a very long time. Battery used to last me three weeks, up until a few months back. Started having to charge it daily.

      My new smartphone cost me less to buy and use than my old flip-phone bill alone. Stupid. (I changed carriers over it too.)

      So I begrudgingly have a smart phone now. (Camera in it is about the only thing I like better than old flippy.)

    17. Re:Atomic Controls. by haruchai · · Score: 1

      "A user installs some generic fleshlight app from the Play"

      Er, I think you mean flAshlight. And I don't think I need to know where your phone has been.

      --
      Pain is merely failure leaving the body
    18. Re: Atomic Controls. by Anonymous Coward · · Score: 0

      "Fleshlight app" - Freudian slip?

    19. Re:Atomic Controls. by plover · · Score: 1

      That doesn't make sense. If you can deny it access, what's the problem?

      There are legitimate features that apps and devices might be able to offer by using your contact list. A printer could make use of fax numbers or email addresses, for example. If you deny it access to your contacts, it'll still print, but it won't automatically offer to fax documents to your recipients. That's no reason to avoid the printer.

      Now, if it grabbed your contacts without asking, that would be a problem.

      --
      John
    20. Re:Atomic Controls. by Anonymous Coward · · Score: 0

      That's pretty much the only thing of interest to me on my smart phone, taking photos with a half decent camera.

    21. Re:Atomic Controls. by Anonymous Coward · · Score: 0

      That doesn't make sense. If you can deny it access, what's the problem?

      That is the problem, the denial of access is an all or nothing. If you choose to deny it, the app doesn't get installed, and you have no functionality. So in the example you outlined you wouldn't be able to print.

    22. Re:Atomic Controls. by mSparks43 · · Score: 1

      Archos phones seem to come with all sorts of malware either preloaded or pushed over the air. You can't even turn off "other sources". The settings app which obviously can't be removed keeps switching it back on. Sophos even detects it as malicious but can't do anything about it.

      Real shame because in the early days of Android it looked like Archos were doing everything right.

    23. Re:Atomic Controls. by Anonymous Coward · · Score: 0

      Several ways to get "shopkick" or whatever onto phones:
      * embed into a popular game
      * pay carriers/phone sellers to preload it

      Have you heard about any of these nefarious methods being used in practice, or is that just hypothetical?

      These methods are being used, sure. I haven't heard about them being used specifically for this "shopkick" thing though. But consider:

      * When you buy a phone, there are indeed apps preloaded on it. My phone came with a Facebook app - despite me not using Facebook. Can't be removed, only disabled. Facebook is pretty bad privacy-wise, more nefarious people can certainly do the same thing. If they have the kind of money needed to pay a carrier. Preloading is in no way necessary - I could easily install that Facebook app from Google Play if I actually wanted it.

      * Malware camouflaged as "funny games" happens - although most of those games must be side loaded from Chinese websites. They don't get into app stores - usually. There have been cases of a clean game getting into Google Play - and then version 2 comes along with spyware or whatever. You and I refuse apps that ask for the wrong permissions - most people don't care. Just something they have to click through. So stuff gets onto phones in general, even if you manage to keep yours clean.

    24. Re: Atomic Controls. by Anonymous Coward · · Score: 0

      The latest versions of Android have granular permissions controls. The OS doesn't prompt you to grant a specific permission until the app tries to use it (not at install time), and you can grant/deny individual permissions.

    25. Re:Atomic Controls. by 0100010001010011 · · Score: 1

      (There's a Don't Ask Again checkbox on the same dialog)

  2. What? by Joce640k · · Score: 2

    "High-frequency audio 'beacons' are embedded into TV commercials or browser ads," reports New Scientist. "These sounds, which are inaudible to the human ear, can be picked up by any nearby device that has a microphone and can then activate certain functions on that device..

    Only in the dreams of the most tinfoil hatted idiots on the planet.

    And slashdot editors, apparently.

    --
    No sig today...
    1. Re:What? by MindPrison · · Score: 4, Interesting

      There are lots of things that seem stupid until it is proven to work, and is being done.

      Sometimes I wonder why my remote control refuses to obey my commands when the commercials on TV are running and I try to quickly zap away, coincidence? Maybe I'm just being paranoid - but sometimes these questions are worth raising so we don't just accept everything blindly.

      --
      What this world is coming to - is for you and me to decide.
    2. Re:What? by Anonymous Coward · · Score: 0

      keep thinking this is impossible, people like you are the specific type of person who would get targeted. someone with a little bit of information is dangerous because they think they know it all. when your phone/computer/car gets pwned, don't cry because you were warned and laughed about it.

    3. Re:What? by Joce640k · · Score: 2

      Sometimes I wonder why my remote control refuses to obey my commands when the commercials on TV are running and I try to quickly zap away.

      Have you tried wrapping it in tinfoil?

      --
      No sig today...
    4. Re:What? by Anonymous Coward · · Score: 4, Interesting

      There are lots of things that seem stupid until it is proven to work, and is being done.

      But not this. Not ultrasound. Perhaps they use "signature sounds", but not in the ultrasound range:

      Audio equipment is designed for human use. We hear up to about 20 kHz - ultrasound is above that. To avoid wasting bandwidth, nobody samples above 20kHz. (well, sometimes they sample higher frequencies for quality reasons and to allow simpler filter technology. But the higher frequencies are then removed before distribution.) Similarly, equipment does not play back beyond 20kHz either.

      Any scheme using ultrasound would fail, due to most equipment failing to handle it. So no truly silent manipulation. They may, however, take advantage of how most people don't notice much above 16kHz or so - especially not if normal noise/music is playing at the same time.

    5. Re:What? by Joce640k · · Score: 1

      Yeah, your phone's microphone and TV's speakers are totally designed for ultrasound broadcast/reception.

      --
      No sig today...
    6. Re:What? by Anonymous Coward · · Score: 1

      Well, it isn't like it isn't anything new

      https://yro.slashdot.org/story...

      Let's not also forget about badbios malware that reportedly transfers similarly.

      http://arstechnica.com/securit...

      And no, you do not install "let me send you some ads" app that needs permission to use your microphone, you install some other app that uses an ad package for advertisement and payments to support its development which in turn has the app. This is why some apps want to have access to your microphone, camera, contacts, media, network and so on when you install them and they are just a dressed up solitaire game.

      Hell, the app for my blood pressure monitor machine wants access to my phone, contacts, photos, and something else which I could never understand. I couldn't get the manufacturer to explain why when all it did was dump the reading into a file with the date and time via Bluetooth and you could add notes and search it later if you wanted.

    7. Re: What? by Zero__Kelvin · · Score: 1

      Sorry to burst your bubble buddy, but those of us who are laughing know what a band pass filter is, and what the typical microphone frequency response is on a Smartphone.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    8. Re:What? by AK+Marc · · Score: 3, Insightful

      What happens when these "ultrasound" sounds try to pass through high end speakers with bandfilters? My ribbon tweeters can destroy themselves with ultrasound, so they have low-pass bandfilters (and high-pass bandfilters, where the mids take over). So what speaker is passing these sounds, and why are they getting past my bandfilters? How about the crappy sound system in my car? The speakers are rated to 15 kHz, so how are they passing 20+ kHz sounds?

      The reason this sounds absurd is because it is.

    9. Re: What? by Anonymous Coward · · Score: 0

      I just wrap the tin foil around my ears

    10. Re:What? by jrumney · · Score: 1

      Forget about the analog audio path. Ultrasonic will get through that, albeit at attenuated levels, as analog audio reproduction equipment doesn't have sharp cutoffs at the edge of the limits of human hearing, it just doesn't have any guaranteed performance outside that range, and most likely falls off gradually. More convincing would be an analysis of how the perceptual coding of AC-3 treats audio between 16kHz and 24kHz when the maximum sample rate of 48kHz is in use, since that is the lossy codec used for broadcast TV in the US. And do the broadcasters actually use 48kHz sample rates, or do they squeeze more out of their bandwidth allocations by using 32kHz, since hardly anyone can hear the frequencies above 16kHz anyway?

    11. Re:What? by pellik · · Score: 1

      Proof of concept of ultra high frequency audio malware dates to 2013. There is even an (unconfirmed) report of it being spotted in the wild during that time. It may sound crazy, but it's actually a proven method already.

    12. Re:What? by Anonymous Coward · · Score: 0

      Good Morning shill, how much are you being paid today?

    13. Re:What? by Plus1Entropy · · Score: 1

      Sometimes I wonder why my remote control refuses to obey my commands when the commercials on TV are running and I try to quickly zap away, coincidence? Maybe I'm just being paranoid - but sometimes these questions are worth raising so we don't just accept everything blindly.

      So don't accept it blindly. But also don't start spouting random anecdotal conjecture. You could easily test whether this is true by performing some simple experiments and recording the data. Otherwise, yes, you are just being paranoid.

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
    14. Re:What? by gl4ss · · Score: 1

      well they can do, if you install and run some stupid app like shopkick.

      also if you keep bluetooth on, then such commands could be sent through bluetooth! or camera! or gyroscope! or the touchscreen!!!!!

      basically.. this article is one of those where they see something use an input and then they write that said input can be used for blabla, if you first install sw to do that. like.. make an app that detects if the user is driving via gps and gyroscope information - and boom you can now write an article about how such an app could be made to distract the driver on purpose when he is driving! think about all the risks!

      --
      world was created 5 seconds before this post as it is.
    15. Re:What? by Gussington · · Score: 1

      But not this. Not ultrasound. Perhaps they use "signature sounds", but not in the ultrasound range:

      Audio equipment is designed for human use. We hear up to about 20 kHz - ultrasound is above that.

      I have a frequency generator app I use to annoy teenagers. I can only hear up to about 11kHz, and my kids say about 16kHz is their limit. There's a lot of room between 16kHz and 20kHz to add some signal if you wanted to.

    16. Re:What? by Sir+Holo · · Score: 1

      "High-frequency audio 'beacons' are embedded into TV commercials or browser ads," reports New Scientist. "These sounds, which are inaudible to the human ear, can be picked up by any nearby device that has a microphone and can then activate certain functions on that device..

      Only in the dreams of the most tinfoil hatted idiots on the planet.

      And slashdot editors, apparently.

      Isn't all audio put through a notch frequency-filter during compression? The MP3 and even the age-old Red Book CD applied a notch filter – cutting off frequencies below XXX Hz and above YYY kHz – and CDs were not even compressed audio. Modern TVs and smartphones can generate these "outside-audible range" frequencies, but they must be added into the audio stream, and are not retained by the popular CODECS. Ultrasonic is also strictly line-of-sight, just like TV remotes in the 1980s.

      The point is that all of the hardware would have to be designed to accept an additional signal, generate the ultrasonic content, and then blend it in with the other audio somewhere between the original stream and the D/A converter, or at least before the speaker.

      This is a dumb IoT idea that will soak up a lot of people's money. Whatever. They can live and learn.

    17. Re:What? by yaznaz · · Score: 1

      Google Chromecast already uses ultrasonic sounds via TV speakers to pair with your smartphone in absence of wifi. Also audio filters (analog) do not implement sharp cutoff at exactly 20KHz. Nearly every production quality content is sampled higher than 20KHz. Even speakers rated at up to 20KHz are capable of producing higher frequencies, although the volume tapers off. This does not have to be absolutely reliable. Even if the hacks work for some of the devices then it is better than no hack.

    18. Re:What? by Anonymous Coward · · Score: 1

      Where are you located? In some countries the cable company ToS can force you to watch the commercials if you were watching the channel when they started (or sometimes even a few minutes before). If you use the official box provided by them it can and does enforce that restriction.

    19. Re:What? by Anonymous Coward · · Score: 0

      Url to the docs saying this? It seems highly unlikely that this is true. The chromecast has a built-in wifi ap so that you can pair with it and do the initial setup, so why would it need to do anything using the TV speakers?

    20. Re:What? by RenderSeven · · Score: 1

      http://gizmodo.com/chromecast-...

      I thought this was pretty unlikely too until I Googled it

    21. Re:What? by Anonymous Coward · · Score: 0

      no bandpass filter known implements a 100% cutoff AT the freq. They ALL taper down at a certain number of db per hertz... most have a taper (also called a skirt sometimes) that is wider than their height, meaning that a 10KHz - 20 KHz probably accepts 1 KHz - 40 KHz, but as a previous poster said, at lower and lower power levels as you get further and further from the design band.

      Too bad so many people think they know something but aren't actually audio engineers.... And no, being a software dev does not mean you know everything about audio equipment design.

    22. Re: What? by Anonymous Coward · · Score: 0

      yeah, laugh away, knowing WHAT one is and knowing how they are designed and built are two different things. As one who has designed and built them, I think this is completely possible, easily.

    23. Re:What? by AK+Marc · · Score: 1

      Too bad so many people think they know something but aren't actually audio engineers....

      Yes, we know, yet the ignorant ACs keep posting irrelevant (and wrong) corrections.

    24. Re:What? by Anonymous Coward · · Score: 0

      As a sound engineer I can assure you that most people won't notice anything above 12k, and definitely not above 16k. Also, although equipment may be rated up to 20k, they can produce sounds higher than that. The rating is based on a decibel drop (usually 12db), so basically 20k would be 12db quieter than the loudest frequency graphed. It may still produce up to 25k but it would be -12db or quieter. But there's no need to go there because it would be super easy to do some type of quick 18k bursts that nobody would hear even if they are in a silent room, and especially if there is still TV content playing at the same time.

      FYI - the 12db drop for rating freq range is common, but high end products may use -6db for more stringent standards.

    25. Re:What? by Anonymous Coward · · Score: 0

      What percentage of the population do you believe has their TV hooked to speakers with ribbon tweeters? What percentage of the population do you believe has their TV hooked up to their "crappy sound system" in their car?

    26. Re:What? by Thelasko · · Score: 1

      We hear up to about 20 kHz - ultrasound is above that. To avoid wasting bandwidth, nobody samples above 20kHz.

      CD audio quality is defined as a sampling rate of 44.1kHz. That Nyquist frequency solves for a reproducible sound of 22.05kHz. That would provide a very narrow band at which humans wouldn't be able to hear. Furthermore, most audio compression algorithms currently in use filter out sounds that aren't audible to humans even further.

      I'm calling this story bogus.

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    27. Re:What? by lars_stefan_axelsson · · Score: 1

      No, he's right. People in general won't hear above about 12k, 16k or so if they're young (kids). Above that, but well within the hi-fi spec, there's a lot of room.

      This is illustrated by the standard hearing test (audiogram) that cuts off at 8k. Even the high frequency one only goes to 16k.

      So unless you're interested in a nit-picky semantic of what "ultra sound" really means (which I'm not BTW), the truth of the matter is that even though you've been told 20-20k, that's not really the truth at all. That's a very best, idealised, case, and there's a lot more nuance.

      P.S. Try something like this for yourself, and people around you. I, being middle aged, can't hear beyond 13k, my kids (young teens) are lost around 16-17k. Still plenty of room for "ultrasonics" without destroying your tweeters, or running afoul of compression bandwidths.

      --
      Stefan Axelsson
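
The frequency argument in the thread above (44.1 kHz sampling leaves room up to 22.05 kHz, while posters report hearing limits of 11 to 17 kHz) can be checked on a recording. The following is an added example, not part of any comment: a Goertzel scan that reports narrowband tones between 18 kHz and the Nyquist limit. The sample signal is constructed, and the function names, block length and 20 dB margin are assumptions.

```python
"""Report narrowband tones between 18 kHz and Nyquist in float PCM audio."""
import math
import random
import statistics

RATE = 44100          # CD-quality sampling rate, Nyquist limit 22.05 kHz
BLOCK = 2205          # 50 ms blocks give 20 Hz frequency resolution


def goertzel_dbfs(windowed, wsum, rate, freq):
    """Level in dBFS of one frequency in an already windowed block."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in windowed:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    power = max(s1 * s1 + s2 * s2 - coeff * s1 * s2, 0.0)
    amplitude = 2.0 * math.sqrt(power) / wsum
    return 20.0 * math.log10(max(amplitude, 1e-12))


def scan(samples, rate, lo_hz=18000.0, margin_db=20.0, block_len=BLOCK):
    """Return (start_seconds, freq_hz, level_dbfs) for each tone that stands
    margin_db above the median level of the scanned band in its block."""
    window = [0.5 - 0.5 * math.cos(2.0 * math.pi * i / block_len)
              for i in range(block_len)]          # Hann window limits leakage
    wsum = sum(window)
    step = rate / block_len
    first = math.ceil(lo_hz / step)
    freqs = []
    k = first
    while k * step < rate / 2:                    # stay below Nyquist
        freqs.append(k * step)
        k += 1

    hits = []
    for start in range(0, len(samples) - block_len + 1, block_len):
        block = samples[start:start + block_len]
        windowed = [x * w for x, w in zip(block, window)]
        levels = [(f, goertzel_dbfs(windowed, wsum, rate, f)) for f in freqs]
        floor = statistics.median(db for _, db in levels)
        run = []
        for f, db in levels + [(None, -math.inf)]:  # sentinel closes last run
            if db >= floor + margin_db:
                run.append((f, db))
            elif run:
                # adjacent bins above threshold belong to one tone: keep peak
                peak_f, peak_db = max(run, key=lambda p: p[1])
                hits.append((start / rate, peak_f, peak_db))
                run = []
    return hits


def make_sample(with_beacon, seconds=0.1):
    """Constructed test signal: audible programme material plus low noise,
    optionally with a quiet 18.5 kHz tone at -40 dBFS."""
    rng = random.Random(7)
    out = []
    for n in range(int(RATE * seconds)):
        t = n / RATE
        x = 0.5 * math.sin(2 * math.pi * 440 * t)
        x += 0.3 * math.sin(2 * math.pi * 3000 * t)
        x += rng.uniform(-0.001, 0.001)
        if with_beacon:
            x += 0.01 * math.sin(2 * math.pi * 18500 * t)
        out.append(x)
    return out


if __name__ == "__main__":
    for label, flag in (("with beacon", True), ("control", False)):
        found = scan(make_sample(flag), RATE)
        print(label, [(t, f, round(db, 1)) for t, f, db in found])
```
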
  3. Ok...? by Anonymous Coward · · Score: 0

    This is assuming you even have a microphone that is ALWAYS listening. Which is not the case for the majority of devices as they at least require some sort of user input.
    If an app requests microphone access for some reason even though the app itself has ZERO vocal interface, I just skip on the app. As should you.

  4. HA! by Gravis+Zero · · Score: 1

    And people wonder why I don't have a "smart"phone.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:HA! by antdude · · Score: 1

      Ditto. What about a dummy phone or any phone? ;)

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    2. Re:HA! by Gussington · · Score: 1

      And people wonder why I don't have a "smart"phone.

      Because of non-permitted Ultrasound signals being sent between your TV and phone? Do you also have a hat made of tin foil?

    3. Re:HA! by Gravis+Zero · · Score: 1

      no because of a lack of security.

      --
      Anons need not reply. Questions end with a question mark.
    4. Re:HA! by Gussington · · Score: 1

      no because of a lack of security.

      So don't install apps that ask for unusual privileges. The security is there, but you have to participate if you want to benefit.

    5. Re:HA! by Gravis+Zero · · Score: 1

      So don't install apps that ask for unusual privileges. The security is there, but you have to participate if you want to benefit.

      the perception of security is there. actual security, not so much.

      --
      Anons need not reply. Questions end with a question mark.
  5. Inaudible ultrasound? by OneHundredAndTen · · Score: 1

    Isn't ultrasound, by definition, inaudible to humans?

    1. Re: Inaudible ultrasound? by oobayly · · Score: 1

      I've heard that there are plans on using inaudible ultrasound on ATM machines as it's more secure than using PIN numbers.

    2. Re:Inaudible ultrasound? by JustAnotherOldGuy · · Score: 1

      Isn't ultrasound, by definition, inaudible to humans?

      Well, yes, but let's not get all "facty" and stuff.

      --
      Just cruising through this digital world at 33 1/3 rpm...
  6. Tape over the mic too? by Vegan+Cyclist · · Score: 1

    Simple, just put some tape over the mic!

    1. Re:Tape over the mic too? by Sir+Holo · · Score: 1

      Simple, just put some tape over the mic!

      Hmmn. Nice idea – using a piece of tape as a physical low-pass audio filter. What kind of tape, and how thick? I do want it to hear when I am dictating.

      It's funny how often "extremely sophisticated and high-tech" things can be defeated with a simple work-around.

      For example, SSDI (missile defense). Any engineer worth his/her salt will tell you that it will never work. The Russians have already implemented several work-arounds. They are ones that anyone could think of.
          * Dummy decoys.
          * Powdered aluminum cloud puffing.
          * "Stealth" cowling (covering them with radar-absorbing material, just like a stealth plane).
          * "Jittered-path" flight. Not ballistic arc, but deviating a few 100 meters in a random walk.
      All of these were known in 2001. Who knows what is used now?

      The point of the example is that billions of dollars can be spent to create a "never-before-used" feature or capability – and defeating said "new" high-tech system can be based on an understanding of physics, and in the end be very, very simple to employ. Pringles-can antenna for WiFi anyone?

      In the case of TFA's ultrasound, which is very line-of-sight, the ideas described won't work in the real world.

    2. Re:Tape over the mic too? by Sir+Holo · · Score: 1

      Oh, I forgot to mention another clever invention. I know (or knew) the inventor. It is not a nice thing, but was a necessity of being stuck in the US–Vietnam war. (We'll skip the philosophical aspect of soldiering and killing.)

      Question: How do you throw a grenade out of a helicopter flying at 500 feet, and have it go off on the ground?

      Answer: Pull the pin, stick it into an empty mayonnaise jar, and drop it. The activating lever won't set off the grenade's timed fuse until the glass jar has hit the ground and broken, setting the activation arm free.

      War is ugly, but this is just another example of improvising a solution to a problem that would otherwise not be addressed for years if done as a request through official channels.

      I wonder how the guy sleeps at night, actually.

    3. Re:Tape over the mic too? by Anonymous Coward · · Score: 0

      ..In the case of TFA's ultrasound, which is very line-of-sight, the ideas described won't work in the real world.

      Line of sight? There's a phenomenon known as reflection... look it up sometime.

    4. Re:Tape over the mic too? by Anonymous Coward · · Score: 0

      assuming a std us grenade with a 4-5 sec fuse, wouldn't just dropping it create the desired result? ok, well it would go off slightly above the ground.

    5. Re:Tape over the mic too? by Anonymous Coward · · Score: 0

      phenomenon known as reflection

      You mean multi-path?

  7. simple solution by enrique556 · · Score: 1

    Is it time to maybe - just as a precaution - have all the hardware manufacturers of audio input & output chipsets filter out supersonic & subsonic frequencies before the rest of the machine even sees them?

    Is there ever a case where someone would want inaudible frequencies to be processed by their device?

    How difficult/expensive would it be to put such filters in place? The filters we put on our POTS devices to protect our xDSL seem to be pretty cheap..

    1. Re: simple solution by Anonymous Coward · · Score: 0

      Is there ever a case where someone would want inaudible frequencies to be processed by their device?

      To annoy the dog. Now even remotely! Thanks IoT.

    2. Re:simple solution by brantondaveperson · · Score: 2

      have all the hardware manufacturers of audio input & output chipsets filter out supersonic & subsonic frequencies before the rest of the machine even sees them?

      As has already been mentioned, this is exactly what all existing audio recording hardware does. Anti-aliasing filters are placed in the analog path, before digitization, and they're normally set to cut off around 20 kHz, since that's the upper limit of human hearing. Leaving these filters out results in unusable audio; they are an essential component of any analog-to-digital conversion of any sort. Unless you're talking about pro-level audio recording hardware, there is no way consumer cellphones can pick up actual "ultrasound". They can pick up signals encoded in audible audio in other ways, but that couldn't be filtered out, and it isn't ultrasound.

    3. Re: simple solution by Zero__Kelvin · · Score: 1

      Such features are already in place. Nobody is using ultrasonic frequencies to transfer data. It isn't possible. The article is straight bullshit.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    4. Re:simple solution by Anonymous Coward · · Score: 0

      Is there ever a case where someone would want inaudible frequencies to be processed by their device?

      You have to remember that many of the technological devices made today are not made with "how can we make this the best device for the user" as the primary concern.

      "How can we extract the most money out of the user? How can we monetize their personal data? How can we help out the NSA?"

      Walled gardens to get a piece of every sale. Collection of data. Removing headphone jacks to sell expensive wireless ones. None of that is for you the user. They are NOT there because the user wants them.

      Why can't you listen to FM radio on your cell phone? Should be a piece of cake to do (and allegedly many phones are capable, but have that functionality disabled). Advantages to user: Reduced battery consumption, reduced data consumption, local info, free music, works in a disaster situation where networks might be congested or down. Seems pretty crazy that it isn't standard in every phone. Until you look at carriers losing out on selling data packages (and overages), and media gatekeepers not getting extra money for users listening to the radio.

      So remember whose interest is at heart when these products are made.

    5. Re:simple solution by BlueStrat · · Score: 1

      As has already been mentioned, this is exactly what all existing audio recording hardware does. Anti-aliasing filters are placed in the analog path, before digitization, and they're normally set to cut off around 20 kHz, since that's the upper limit of human hearing. Leaving these filters out results in unusable audio; they are an essential component of any analog-to-digital conversion of any sort. Unless you're talking about pro-level audio recording hardware, there is no way consumer cellphones can pick up actual "ultrasound". They can pick up signals encoded in audible audio in other ways, but that couldn't be filtered out, and it isn't ultrasound.

      I saw the TFA and that was my first thought, that the author/editor or somebody either screwed up or went for click-bait.

      I may well be wrong, but IMHO it's probably some form of digital encoding riding on the normal audio at relative levels that are inaudible to humans but easily detected by an app or device software designed to detect and use it and all well within the audio bandwidth specs of the devices involved.

      But, that's a lot more pedestrian and boring tech-wise, and so probably doesn't generate enough clicks.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    6. Re:simple solution by Anonymous Coward · · Score: 0

      Why can't you listen to FM radio on your cell phone?

      Eh? I can.
      Problem is, I choose not to do so, as, quite frankly, the shit they broadcast round here is...errr, shit.

  8. Inaudible Ultrasound by JustAnotherOldGuy · · Score: 1

    "Inaudible Ultrasound"....as opposed to the other kind.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  9. Faraday by Anonymous Coward · · Score: 0

    Get a phone case that has RF blocking technology just like wallets are doing to prevent siphoning RFID chip data. Is this feasible for phones?

    1. Re:Faraday by Plus1Entropy · · Score: 1

      Sure, if you don't mind not being able to receive any calls or texts either.

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
  10. Obviously by nospam007 · · Score: 1

    That's why we have anti-ultrasound-hacker dogs deployed.

  11. Ultrasonic microphone? by Anonymous Coward · · Score: 0

    ... can then activate certain functions on that device

    First the radio, then the camera, then the microphone were configured as surveillance tools. Now the microphone also offers a backdoor into the operating system. What's this fascination with turning a phone (or more accurately, a portable computing device with telephony services) into the insecure IoT? Why can a macroscopic voice receiver detect ultrasonic audio? That's wasted performance when capturing the human voice.

  12. Time for hardware on/off switches by davidwr · · Score: 1

    It's time for cameras, microphones, and other sensors as well as the various radios to have hardware-on/off switches.

    Yes, that would require you to turn the mic on by hand when you answer the phone, but the phone should be smart enough to know "if a call is coming in and the user turns the mic ON, answer the phone" (by default of course - this behavior should be user-controlled).

    Heck, I'd even want one for my speaker and "flashlight/camera flash" to make it harder for a rogue app to use sound or light to exfiltrate data.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  13. Microphones roll off top end by Anonymous Coward · · Score: 0

    and those in laptops, or headgear, about 8 kHz. TOPS! More scare shit to get attention.

  14. NSA Diseducation by Anonymous Coward · · Score: 0

    But now Fortune reports that some apps "often actively listen for ultrasound signals, even when the app itself is closed, creating a new and relatively poorly-understood pathway for hacking."

    If the NSA had wanted the citizenry to understand this pathway of hacking relatively well, they would have mentioned it a decade or two ago. My money is on the NSA's Kompromat psychographic dossier database.

  15. Relax - there's no commercial application for this by Applehu+Akbar · · Score: 1

    Would any advertiser use an app that was biologically designed to repel young people in the prime shopping years?

  16. "ultra" sound from $0.50 TV speaker? LOL by Anonymous Coward · · Score: 1

    As a musician (classical pianist) the mere idea that we can even get decent sound from a TV (or phone) is LOLable.

    I recently did a search for near field monitors (flat response, for the studio only) and with a friend we put several high end speakers to the oscilloscope. Despite all of them claiming 20 kHz-20 Hz response, NONE of them achieved it. NONE. The ones I ended up buying (Mackie) checked in ~16 kHz.

    I think to really get 20 kHz that would have to be a 3-way speaker. Practically all TV speakers are full range one speaker rubbish that receive nearly universal derision from buyers who review them. And with good reason: you spend >$500 for a Samsung TV and they literally probably spent ~$1 on the speakers. It's an insult.

    The better soundbars are usually 2-way speaker systems and despite the $100-$200 cost the speakers are pure crap that maybe top out ~13 kHz (a range most people can hear).

    TL;DR: shit speakers can't produce ultrasound frequencies.

    2) The same goes for the mics. Total crap. And what idiot hasn't seen the mic block & camera block apps for the Android? Get with the fvcking program.

    3) And I know most people are too lazy to do this, but when I install a phone app I do so using a permissions removing installer app. It's absolutely essential as damn near every app wants access to the net, billing & camera. NO CAN HAVE!!!

    4) Where are these magical apps that aren't running but still processing data? That's an oxymoron, a paradox, aka a fvcking lie. And if they mean an app that is dormant, then I've got news for ya: that app is fvcking running. Just because it's not up front doesn't mean it's off.

    5) "inaudible" sound manifests itself in speakers as distortion, fizzzz, or produces a tone on a resonant frequency... just like 20 Hz bass in a wav file makes your 100 Hz speakers resonate with that horrid vibration.

    6) This entire article sounds like it was written by a fvcking idiot who doesn't know speaker from elbow... or ass.

  17. Use Android, root and XPrivacy by allo · · Score: 1

    For your phone:
    1) Use an Android phone. If you have an iPhone, forget it. There is no way to help you* on the iPhone, except installing no apps at all.
    2) Root your phone. I hope you thought about buying a rootable phone in step 1).
    3) Install XPosed http://repo.xposed.info/
    4) Install XPrivacy https://github.com/M66B/XPriva...
    5) Consider donating for XPrivacy to get a Pro-Key and to help them develop this awesome project.
    6) Think about installing AFWall+ as well, to cut internet access for some apps. XPrivacy can do this, but using AFWall is an easy way.

    * Maybe with a jailbreak, I do not know the ecosystem of free apps for jailbroken iPhones. On the other hand, who wants to fight with Apple all the time, which tries to lock you out again with each update? Just upgrade to an Android phone. Nexus phones are a good choice.

    1. Re:Use Android, root and XPrivacy by radish · · Score: 1

      Simpler solution - buy an iPhone. iOS doesn't allow apps to access the mic in the background - period. Even Siri can't do it unless you specifically allow it _and_ the phone is plugged in for power. Hell, with very few exceptions iOS doesn't allow _anything_ to run in the background - and I'm pretty sure I hear Android fans bleating about that from time to time too.

      Or sure, you could get an Android and spend all day installing hacks and patches.

      Sometimes the willful ignorance exhibited by people who have some religious affiliation to a fucking operating system is quite remarkable to behold.

      --

      ---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"

    2. Re:Use Android, root and XPrivacy by EvilSS · · Score: 1

      iOS is very forthcoming when an app accesses the microphone. If an app is accessing the microphone in the background, the status bar turns red and a flashing notification is placed under it showing the mic is in use and which app is using it. Also I'm pretty sure the Apple app store won't accept applications whose sole purpose is to run the mic in the background; it's only allowed for VOIP and a few other scenarios. Even the telephone app gets this notification (except in this case it's green, not red).

      iOS also requires you to grant the application access to the microphone the first time it tries to use it (not as a bundle of permissions at installation like Android does) and you can revoke it at any time.

      Jailbreaking the device is the last thing you want to do if you are worried about security. The best way to get shady apps on an iPhone is to jailbreak and use a 3rd party app store to load crap on to the phone.

      I get you Android fanbois like to shit on Apple, and Apple does some stuff that they deserve to get shit on for, but user privacy is not one of them. Although I love that your suggestion is to buy a phone from a company whose main source of income is selling ads, break the security on said device, and then install a bunch of third party apps to get it to a point where it emulates the security that comes standard on iOS.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    3. Re:Use Android, root and XPrivacy by EvilSS · · Score: 1

      You can run apps accessing the mic in the background (and Siri can do this now, if you allow it, without being plugged in on 6s and 7 devices) but it notifies you with the red status bar and flashing banner telling you that an app is accessing the microphone and which app it is. You see this with VOIP apps, for instance. I'm also pretty sure Apple has rules about what kind of applications can do this. I doubt they allow an app to constantly passively listen, if for no other reason than that it would degrade battery performance. You also have to specifically grant it access to the mic the first time it tries to use it.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    4. Re:Use Android, root and XPrivacy by allo · · Score: 1

      You're just thinking of the mic, I am thinking of a solution to all data leaks. And there is no help on iOS, nor on most stock Androids. But on Android phones YOU can fix it. On iPhones ... good luck.

    5. Re:Use Android, root and XPrivacy by allo · · Score: 1

      > Jailbreaking the device is the last thing you want to do if you are worried about security. The best way to get shady apps on an iPhone is to jailbreak and use a 3rd party app store to load crap on to the phone.
      Just like a PC. You can use every app, without any signatures, restrictions, etc.
      WHAT? Everyone can program a PC app? You can install programs which are not verified by your OS manufacturer? This MUST be dangerous! Let's outlaw such devices!

      But as said, iOS jailbreaks ARE quite shady, because they are uncommon and Apple actively works against an open ecosystem for jailbroken phones.
      On Android, the "jailbroken" phone is the better one.

    6. Re:Use Android, root and XPrivacy by EvilSS · · Score: 1

      If you are concerned about security on an iOS device, which is what the OP is talking about, then yes, it's a dumb fucking idea to jailbreak it. That's the exact opposite of keeping the device secure. That way we don't end up with botnets running on iOS devices, like we are seeing with rooted Android devices.

      It's a phone, not a PC.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    7. Re:Use Android, root and XPrivacy by allo · · Score: 1

      Jup, so first replace your iPhone with an Android phone. The time when the Apple rights system was superior is gone with Android 6.0 anyway and stuff like XPrivacy and AFWall are effective in controlling all your apps (even system apps, if you dare).

    8. Re:Use Android, root and XPrivacy by EvilSS · · Score: 1

      Jup, so first replace your iPhone with an Android phone. The time when the Apple rights system was superior is gone with Android 6.0 anyway and stuff like XPrivacy and AFWall are effective in controlling all your apps (even system apps, if you dare).

      So replace my iOS device, with a less secure one, running an OS written by an anti-privacy advertising company (who totally isn't evil, they pinky swear), and install a bunch of apps to rein in sketchy apps that can't run on iOS to begin with? Or, you know, I could just keep my current device and not fuck with all that crap in the first place.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    9. Re:Use Android, root and XPrivacy by allo · · Score: 1

      I see some Stockholm syndrome.
      Keep your iPhone and think you're secure. I do not see how to help you, if you don't want to accept help.

    10. Re:Use Android, root and XPrivacy by EvilSS · · Score: 1

      I see some Stockholm syndrome. Keep your iPhone and think you're secure. I do not see how to help you, if you don't want to accept help.

      Yea I guess myself and just about every independent security researcher on the planet must have Stockholm syndrome.

      --
      I browse on +1 so AC's need not respond, I won't see it.
  18. Your incredulity is powered by arrogance. by Anonymous Coward · · Score: 0

    Your incredulity is powered by arrogance.

    1. Re:Your incredulity is powered by arrogance. by Anonymous Coward · · Score: 0

      Your incredulity is powered by arrogance.

      Says the blathering Anonymous Coward.

  19. Is there an app for that? by viperidaenz · · Score: 1

    I mean, to add a low-pass filter to the mic input.

  20. Also some other issues by Sycraft-fu · · Score: 1

    One is your pocket acts as a low-pass filter. The higher frequency the sound, the smaller the wavelength; the smaller the wavelength, the less material you need to interfere with the sound wave. Try recording something with the phone sitting in your pocket sometime. Among other issues, you'll notice things are more "muffled", that the high frequency definition to them is not as good. That's because the high frequency sounds get messed with more than the low frequency ones by living in a pocket.

    Also there's the issue of encoding. Never mind what the user's speakers are designed to do, the broadcast is not band unlimited. Like all digital broadcasts, it is band limited. Now it can be, and often is, band limited to 48kHz, which does allow for slightly ultrasonic frequencies (up to 24kHz) but we aren't done yet: It is compressed with lossy compression, specifically AC-3. This also implements a form of band limiting. Not only can it actually choose a frequency less than Nyquist to stop encoding at (which it does for lower bitrate streams) but in any case it doesn't spend nearly as much work on accurate encoding of high frequency information, since our ears are less sensitive to it. It spends bits getting the low and mid frequencies accurate first, not worrying so much about the ultra high ones.

    There's an additional problem that AC-3 introduces, even for sounds in the audible range: It uses psycho-acoustic encoding. The idea is it throws away stuff that we can't hear, not just high frequency, but sounds that are masked by other sounds. The whole basis for it (and other lossy codecs) is "don't bother encoding it if humans won't notice it". So to make your encoded sound survive, it needs to be the kind of thing that is likely to be audible to humans. If it is some very subtle, very high frequency modulation that is almost certainly the kind of thing a lossy codec would ignore.

    While I certainly won't say this sort of thing is impossible, they really need to show some examples of it, before I'm willing to believe. It just relies on too many unlikely things to work.

    1. Re:Also some other issues by Anonymous Coward · · Score: 0

      I have similar thoughts. You need a pretty high end (or purpose built) speaker to reliably put out sounds outside of the range of human hearing. Throw compression into the mix and the likelihood of this consistently working gets smaller still.

      It occurs to me, and also no doubt to advertisers, that there are much easier ways to fuck with people's phones.
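The sampling-rate limit raised in comment 20 can be checked on a recording. The following is an added example, not code from the thread or the article: a Goertzel scan for energy between 18 kHz and the Nyquist limit, run on a constructed capture (a 440 Hz tone plus a quiet 19 kHz tone, modelled without an anti-aliasing filter); the function names, the 250 Hz step and the threshold are assumptions.

```python
import math


def goertzel_power(samples, sample_rate, freq):
    """Power of `freq` in `samples`, normalised so a sine of amplitude A gives A**2."""
    n = len(samples)
    k = round(n * freq / sample_rate)          # nearest DFT bin
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return power / (n * n / 4.0)


def apparent_frequency(freq, sample_rate):
    """Frequency at which a tone appears after sampling with no anti-aliasing filter."""
    f = freq % sample_rate
    return sample_rate - f if f > sample_rate / 2 else f


def scan_near_ultrasonic(samples, sample_rate, lo=18000, step=250, threshold=1e-4):
    """Return [(freq_hz, power)] for bins from `lo` up to Nyquist above `threshold`.

    An empty list is returned when the sample rate cannot represent the band
    at all (Nyquist <= lo), e.g. a 16 kHz voice capture.
    """
    hits = []
    f = lo
    while f < sample_rate / 2:
        p = goertzel_power(samples, sample_rate, f)
        if p > threshold:
            hits.append((f, p))
        f += step
    return hits


def make_constructed_capture(sample_rate, n):
    """Constructed test signal: 440 Hz at amplitude 0.5 plus 19 kHz at amplitude 0.05."""
    two_pi = 2.0 * math.pi
    return [
        0.5 * math.sin(two_pi * 440 * t / sample_rate)
        + 0.05 * math.sin(two_pi * 19000 * t / sample_rate)
        for t in range(n)
    ]


if __name__ == "__main__":
    # 48 kHz capture: Nyquist is 24 kHz, so the 19 kHz tone is representable.
    capture = make_constructed_capture(48000, 4800)
    for freq, power in scan_near_ultrasonic(capture, 48000):
        print(f"near-ultrasonic energy at {freq} Hz, power {power:.4f}")
    # 16 kHz capture: the band is above Nyquist; unfiltered, 19 kHz folds to 3 kHz.
    print("16 kHz scan:", scan_near_ultrasonic(make_constructed_capture(16000, 1600), 16000))
    print("19 kHz appears at", apparent_frequency(19000, 16000), "Hz when sampled at 16 kHz")
```

On a real device the analog front end and codec decide whether the 18-24 kHz band reaches the samples at all, which is the point the comments above disagree on; the scan only reports what is present in the capture it is given.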

  21. This isn't a problem by Anonymous Coward · · Score: 0

    This hack is only possible through Inaudible Ultrasound.

    At least we're safe from audible Ultrasound.

  22. Bollocks by Anonymous Coward · · Score: 0

    Microphones with ultrasonic response are expensive. Nobody's putting them in mobile phones.

  23. XPrivacy deny sensors permission by emil · · Score: 2

    For the moments that your phone is on, YOU decide if your apps can use the microphone.

    This should be standard in the Android OS. Tells you something about Google that it's not.