Ultrasound Tracking Could Be Used To Deanonymize Tor Users

New submitter x_t0ken_407 quotes a report from BleepingComputer: Ultrasounds emitted by ads or JavaScript code hidden on a page accessed through the Tor Browser can deanonymize Tor users by making nearby phones or computers send identity beacons back to advertisers, data which contains sensitive information that state-sponsored actors can easily obtain via a subpoena. This attack model was brought to light towards the end of 2016 by a team of six researchers, who presented their findings at the Black Hat Europe 2016 security conference in November and the 33rd Chaos Communication Congress held last week. Their research focuses on the science of ultrasound cross-device tracking (uXDT), a new technology that started being deployed in modern-day advertising platforms around 2014. uXDT relies on advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that get picked up by the microphone of nearby laptops, desktops, tablets or smartphones. These second-stage devices, who silently listen in the background, will interpret these ultrasounds, which contain hidden instructions, telling them to ping back to the advertiser's server with details about that device. Advertisers use uXDT in order to link different devices to the same person and create better advertising profiles so to deliver better-targeted ads in the future. The attack that the research team put together relies on tricking a Tor user into accessing a web page that contains ads that emit ultrasounds or accessing a page that contains hidden JavaScript code that forces the browser to emit the ultrasounds via the HTML5 Audio API.

Is this theoretical?

[guruevi]

I understand this is theoretically possible but what speakers in these devices have powerful ultrasonic blasters? Unless they're doing some form of distance measuring, the majority of speakers is limited well under 18kHz with the response curve dropping sharply after that.

Re:Is this theoretical?

[Midnight_Falcon]

This! As somewhat of an audio engineer I know various speaker drivers very well, and laptop speakers essentially never have advertised frequency responses above 20KHz. And you're right, realistically, it's more like 18Khz with a steep drop off after 16KHz. Many people can hear 20KHz -- I've done tone tests and found I can hear up to 22KHz. So what speakers is this person using and what manner of computer has this kind of built in tweeters?

Re:Is this theoretical?

If you are an audion engineer, you should know there is no way on earth you can hear 22khz. You MAY hear sub harmonics or modulation effects, however you cannot hear a 22 khz fundemental.
In reality, you are talking out of your ass.
I am a real pro audio engineer of 40 years experience, calling your post bullshit.

Re: Run Tor in a VM without audio support

[Zero__Kelvin]

Or the simpler solution: Recognize that the claim (s) bring made here are PHENOMENALLY ridiculous. Even if the coupling was 100%, so what? You can't just emit a sound and cause my computer to do anything. There would have to be special software running on the target system that was listening. In other words it is the classic "I could break into your computer, but first I need admin access to it".

Re:Just when you thought

[simplypeachy]

When I use other people's computers to use the Internet...good god it's like I'm in some sort of fledgling Total Recall. So many of the adverts have reached past the threshold of being parodies of themselves, they seem like their own self-satire. The relevancy or attention span of any amount of text is reduced to almost nil by pictures of mostly-naked people on diet pill adverts, shiny shiny motor vehicles with angry-looking grilles or hilarious gambling animations. There is a massive joke that you and I are not seeing, and that's because we're not suffering the expense of being the butt of the joke that is Internet advertising.