Slashdot Mirror


Over 200 Android Apps Are Currently Using Ultrasonic Beacons To Track Users (bleepingcomputer.com)

Catalin Cimpanu, writing for BleepingComputer: A team of researchers from the Brunswick Technical University in Germany has discovered an alarming number of Android apps (234, to be exact) that employ ultrasonic tracking beacons to track users and their nearby environment. Their research paper focused on the technology of ultrasound cross-device tracking (uXDT) that became very popular in the last three years. uXDT is the practice of advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that are picked up by the microphone of nearby laptops, desktops, tablets or smartphones. SDKs embedded in apps installed on those devices relay the beacon back to the online advertiser, who then knows that the user of TV "x" is also the owner of smartphone "Y" and links their two previous advertising profiles together, creating a broader picture of the user's interests, device portfolio, home, and even family members.

21 of 192 comments

  1. Which Apps??? by Rob Riggs · · Score: 5, Insightful

    Completely useless, alarmist, unactionable article. Name names, dammit.

    --
    the growth in cynicism and rebellion has not been without cause
    1. Re:Which Apps??? by Archangel Michael · · Score: 4, Insightful

      Trying to avoid a "lawsuit" by not naming them. I'm all for Name n Shame, but the lawyers will sue when the vendor's stupid app was named and they claim it didn't (even when it did) and they lost "Millions in revenue" (previous 8 months they did $50).

      Sad world we live in, where the lawyers fuck everything up protecting the guilty.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  2. It's more sinister than that by Baron_Yam · · Score: 5, Interesting

    >When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that are picked up by the microphone of nearby laptops, desktops, tablets or smartphones. SDKs embedded in apps installed on those devices relay the beacon back to the online advertiser, who then knows that the user of TV "x" is also the owner of smartphone "Y"

    Imagine you're on your phone and browsing the web. You load one of those ads, and your phone now broadcasts your advertiser-assigned unique ID via ultrasound. OK. Who says it has to be another device YOU own that picks it up?

    How difficult would it be to drop listening devices in high traffic areas that listen for those tones, sending location information back to whoever? And that's just to augment other devices that might be infected with a listen-and-report app.

    This isn't an advertising tool, it's a ubiquitous surveillance tool for three-letter-agencies that advertisers have discovered. That is, of course, assuming it actually works outside a lab and isn't just an untested fantasy the ad types latched onto.

    Anyway, IF phones can both transmit and detect ultrasonic tones (which I question), it's only a matter of time until someone produces a 'secure' phone that has physical filters in line with the speaker and mic wires to filter out anything outside the range of human hearing.

    1. Re:It's more sinister than that by Anonymous Coward · · Score: 5, Funny

      "Hey there, Jim. Looks like you're in the market for a new TV. This Samsung 65" 4K model would look perfect from any point in your 10' by 20' living room. If you're not sure, just go ask Bob next door. He bought one last week and the whole family has been enjoying its crystal clear display. You can even control it from your iPhone 6 Plus, but the experience is much better with a new Samsung phone. Have you considered upgrading that? Don't worry, your MacBook Air will still connect to any new Samsung phone or television. What do you say Jimbo? Oh, you're more interested in the 50" models? You wouldn't be getting quite the same experience, but... Oh no, Jimmy, you don't want one of those Vizios, just slide on back to the Samsungs. Jimboree? Jim-jam? James? Come back here before I tell your wife where you were last Thursday night."

  3. New app needed. by BarbaraHudson · · Score: 4, Interesting

    Wanted: an app that broadcasts ALL these signals, making them think you've got every product already, so they won't waste their time trying to sell you anything. Or just pollute their data to the point it's useless.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    1. Re:New app needed. by Baron_Yam · · Score: 3, Interesting

      >Wanted: an app that broadcasts ALL these signals, making them think you've got every product already, so they won't waste their time trying to sell you anything.

      Since to be useful the sound must be unique to the user (in order to be matched to you by the receiving device), you'd need to know their algorithm for generating the sounds. It's probably a hash of some unique device ID available to applications, and not terribly difficult to figure out, but it's not as simple as 'broadcast it all!'

      >Or just pollute their data to the point it's useless

      An ultrasonic static generator would be more practical. Drown out any signals you haven't noticed and silenced with noise. You might piss off your dog, though.

  4. Re:Oy, how to block this? by AmiMoJo · · Score: 4, Interesting

    Just open up your phone and unplug the microphone. No-one uses those things to make calls any more anyway.

    I remember a few years back someone modded a flip phone with a magnetic switch so that when it was closed the mic was physically disabled. This was around the time that details of MI5/NSA malware that could turn the mic on were coming out. If someone made a phone with a physical slider that disabled the mic and camera, or even just a magnetic switch and a flip open cover with a magnet in it, I'd buy that.

    Also, phone mics should have a hardware low pass filter that cuts off stuff above the human hearing range. In fact I'm surprised that they don't... Android could block it with a bit of software filtering too, or just deny the app permission to use the microphone.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. Research paper for this. by mystik · · Score: 5, Informative

    Cited research paper:

    http://christian.wressnegger.i...

    Found via the reddit thread on the same topic. It names a few of the apps, primarily using the SilverPush library.

    --
    Why aren't you encrypting your e-mail?
  6. Re:Oy, how to block this? by Baron_Yam · · Score: 5, Interesting

    1a) Hardware switches need to come back into fashion. CUT THE WIRES. Since physical switches have an irritating habit of failing, they need to be easily replaceable, so they need to plug in and touch contact points, not be soldered in.

    1b) These switches should exist for power and every corruptible/interceptable I/O path. If a light sensor senses, an LED blinks, a mic listens, or tone is generated, there should be a physical, circuit-interrupting switch to kill the related hardware. If there isn't, your device isn't as secure as it could be.

    2) The OS should fake permissions for apps, since so many refuse to run without access they don't actually require. Instead of 'yes/no' when access is requested, we need the options 'yes', 'no', and 'fake it'. Anybody who demands location, camera, mic, contact, and file access to run their app that needs none of that should not be respected enough that you have to go with 'just do not install'. They're immoral, you be immoral right back.

  7. Re:I call bullshit by ColdWetDog · · Score: 3, Informative

    Yep, it occurred to a number of people. That's why they're using 18K or so as the frequency. Remember, there isn't a hard wall cutoff here, just a drop in response. If all you're trying to do is send a couple of bytes of information, you can be slow and sloppy.

    --
    Faster! Faster! Faster would be better!
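
As an added illustration (not part of the thread or of the cited paper), here is one way to check a captured audio frame for a narrowband tone in the near-ultrasonic range the comment above mentions. The 44.1 kHz sample rate, the 18 to 20 kHz band, the amplitude threshold and all function names are assumptions, and the test signal is constructed.

```python
import math

RATE = 44100            # assumed capture rate (Hz)
BAND = (18000, 20000)   # assumed near-ultrasonic band ("18K or so")
THRESHOLD = 0.005       # assumed amplitude floor (full scale = 1.0)

def goertzel_mag(frame, k):
    """|X[k]| of the frame's DFT, computed with the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(frame))
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return math.sqrt(max(s1 * s1 + s2 * s2 - coeff * s1 * s2, 0.0))

def strongest_in_band(samples, rate=RATE, band=BAND):
    """Return (frequency_hz, amplitude) of the strongest DFT bin inside band."""
    n = len(samples)
    # A Hann window keeps loud audible content from leaking into the band.
    frame = [x * (0.5 - 0.5 * math.cos(2 * math.pi * i / n))
             for i, x in enumerate(samples)]
    k_lo = math.ceil(band[0] * n / rate)
    k_hi = math.floor(band[1] * n / rate)
    k, mag = max(((k, goertzel_mag(frame, k)) for k in range(k_lo, k_hi + 1)),
                 key=lambda pair: pair[1])
    # The Hann window halves a tone's peak, so amplitude = 4 * |X[k]| / n.
    return k * rate / n, 4.0 * mag / n

def has_beacon(samples, threshold=THRESHOLD):
    """True when a tone in the band exceeds the amplitude threshold."""
    return strongest_in_band(samples)[1] >= threshold

def tone(freq, amp, n=2205, rate=RATE):
    """Constructed test signal: a pure sine, 50 ms long by default."""
    return [amp * math.sin(2 * math.pi * freq * i / rate) for i in range(n)]

if __name__ == "__main__":
    audible = tone(440, 0.5)                        # loud audible content only
    mixed = [a + b for a, b in zip(audible, tone(18500, 0.05))]
    print("audible only:", has_beacon(audible))
    print("with quiet 18.5 kHz tone:", strongest_in_band(mixed))
```

A single loud bin is only a hint; a real check would look at several consecutive frames, since ordinary audio can also carry energy above 18 kHz.
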
  8. the apps/developers by nomadic · · Score: 4, Informative

    According to the article, offending apps seem to be mostly from India and the Philippines. They list 5 "representative apps" with developers:

    Application Name | Developer | Version | Downloads
    100000+ SMS Messages | Moziberg | 2.4 | 1,000,000 – 5,000,000
    McDo Philippines | Golden Arches Dev. Corp. | 1.4.27 | 100,000 – 500,000
    Krispy Kreme Philippines | Mobext | 1.9 | 100,000 – 500,000
    Pinoy Henyo | Jayson Tamayo | 4.0 | 1,000,000 – 5,000,000
    Civil Service Reviewer Free | Jayson Tamayo | 1.1 | 50,000 – 100,000

    TABLE 2: Third-party applications with SilverPush functionality

    1. Re:the apps/developers by Anonymous Coward · · Score: 3, Informative

      Xaxis, who is owned by WPP (one of the largest marketing agencies on the planet) has been selling this service for a few years: https://www.xaxis.com/products/view/xaxis-sync

  9. iPhone also? by Highdude702 · · Score: 4, Interesting

    I'm pretty sure Pandora does this on iPhone also. Last week I was on an artist's site and listening to Pandora on my phone. All of a sudden a song by that artist was played on a channel that was completely unrelated to that type of music. Kind of odd I thought, as I've had this happen before simply by talking to a friend about a song, and the very next song is the one we had talked about. Or maybe I'm just crazy.

  10. Re:Oy, how to block this? by FatdogHaiku · · Score: 4, Insightful

    See OnePlus 3(t) slider, which is three position for alerts, but similar to what you are asking for. As in "Doable".

    What I would like is a programmable slider, one that I could make it disable mic or camera.

    But if it's done in software it can be undone in software. I don't know any code that can bridge a physical gap in a circuit... a micro reed switch and a magnet on a flip phone or a slide on a smart phone... but it HAS to break the circuit(s) in question. Maybe a switch with micro jumpers to configure paths...

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  11. Re:Oy, how to block this? by ctilsie242 · · Score: 5, Informative

    XPrivacy used to do exactly this on Android. An app wanting a GPS location? Here is one. Contact info? Here is a randomly generated list. Ad IDs? Pick a 128 bit number.

  12. Re:Oy, how to block this? by FatdogHaiku · · Score: 4, Funny

    >'yes', 'no', and 'fake it'.

    This is pure evil genius.

    Pretty sure it's also the foundation of some marriages...

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  13. Re:That ringing in my ears by ScienceofSpock · · Score: 4, Interesting

    If you recently upgraded your TV, that could be why. Seems that dogs couldn't really perceive motion on older TVs because the framerate and resolution were too low. Modern TVs with higher refresh rates and resolution make it much easier for dogs to perceive it as real, and so they're paying more attention to TV on the whole. There's even a new TV channel FOR dogs.
    http://www.foxnews.com/science...

  14. Re:Oy, how to block this? by Rakarra · · Score: 5, Funny

    >1a) Hardware switches need to come back into fashion. CUT THE WIRES. Since physical switches have an irritating habit of failing, they need to be easily replaceable, so they need to plug in and touch contact points, not be soldered in.

    But then you would have to increase the thickness of the phone by 0.5mm, and that would be a FUCKING DISASTER.

  15. Re:Oy, how to block this? by EndlessNameless · · Score: 3, Informative

    There is this thing called age-related hearing loss. By the time they're in their 30s and 40s, most people will be lucky to hear 15 KHz. It is not uncommon to have healthy adults who are unable to hear above 10K-12K.

    Do you care to adjust your opinion in light of reality? Because you can google this if you don't want to take my word for it. Age-related hearing loss, aka presbyacusis, is very much an established fact.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  16. Re:I think Facebook does it too by Anne Thwacks · · Score: 3, Funny

    For the past few months, my laptop speakers have been emitting a quick data "chirp" very sporadically. It's modulated frequencies above 10k, a duration of 0.5 to 0.75 seconds, and it happens on a very irregular basis.

    Switch to Ubuntu: every time you logout, your sound system will switch back to default settings that won't work, and you will only remember to reconfigure it when you actually want to hear something, and then you can spend 20 mins getting it working again, by which time the bug infested chirpy-chirpy-cheep-cheep app will probably have crashed anyway..

    --
    Sent from my ASR33 using ASCII
  17. much more complicated by DrYak · · Score: 3, Interesting

    >Seems that dogs couldn't really perceive motion on older TVs because the framerate and resolution were too low.

    Carnivore (predator) pets like dogs and cats tend to be much more sensitive to motion.
    They will *perceive* motion on TV, it will just look more choppy and flickering to them.

    Just like humans were able to perceive motion in silent film era's 12-16fps, in half-rate/dupe-frame 12-15fps animation, or in "shitty low"-fps GIFs.
    It looks a lot more choppy than a 24/30fps or even a 48/60fps.
    Or just like humans *can* see the flicker of a 60Hz CRT monitor when looked at in the periphery of the view (i.e.: where there are more rods - sensors with faster response that are also responsible for the pets' better motion sensitivity).

    I had my cats recognize and react to things on my old 50Hz CRT, even if *I* could notice the flickering.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]