Advance organizations or individuals like hackers and especially advertisers need very little information about you. While most of us who care about privacy do not allow even block them to track. But they still want this information without our permission. Ultrasonic cross-device tracking technology takes place major assist to get back that information to them.
Everywhere you go and whatever you might be doing as long as you have an electronic device with a microphone, speakers, or gyroscope that device might be listening. Not just your phone but also your laptop, tablet, smartwatch, tv, or IoT-enabled home appliances. All participating in the most undercover and unavoidable method of tracking your location and behavior.
Ultrasonic Cross-Device Tracking
let’s say you’re watching your favorite tv program and as a regular viewer you have your phone with you or somewhere close in that room, in the old days that will be the end of the story but in this day and age your tv is an audio beacon and your phone is a receiver.
Beacons are emitting high-frequency sounds and receivers are listening to those signals during advertisement breaks. your tv will emit ultrasounds that you won’t be able to hear but your phone and dog will.
In this case, it would generate an identifier with information about you watching a particular tv program at a given time your phone will save this information and make it available for apps on your phone to read and transfer to advertisers. what just happened here is called Ultrasonic Cross-Device Tracking.
How Ultrasonic Cross-Device tracking technology works
It’s a method of linking multiple devices of a user to track their behavior and location. It works with all devices equipped with regular microphones, speakers, or even gyroscope sensors. Ultrasonic audio beacons can be embedded in any form of media such as tv programs, websites, online videos, apps on your phones, or even digital billboards and banners.
It works both ways using ultrasound audio beacons can always detect when your phone is nearby and likewise apps on your phone can listen for potential audio beacons to track what you do and see.
The only constraint of ultrasonic tracking is bitrate and distance. The bandwidth of high-frequency transmission is about 10 to 20 bits per second, that aren’t a lot of data that can be transmitted. It is just enough to transfer identifiers from your phone and nearby beacons to communicate your proximity, location, and fingerprinting information such as what browser or device type do you use.
High-frequency sounds are not going to travel a fast distance. the limit of this technology, at least what is publicly known is no less than 65 feet. that may not sound like much but it is enough to transfer data in densely populated urban areas even from air gap machines, that is even if you keep all of your devices completely off the grid your data can travel on high-frequency sounds and hop between devices until it reaches one that is connected to the internet.
Why Ultrasonic Cross-Device tracking is Unavoidable
The ultrasonic Cross-Device tracking method is usually completely permissionless and secret. you won’t receive any notifications and oftentimes, you’ll never know what apps on your phone or websites you visit have ultrasonic beacons or receivers in them. you won’t be able to stop it even if you disable location services or take your phone completely offline, enable airplane mode, remove your sim card, and cut off all network access, the transmission of data via ultrasonic means is going to work outside of all radio signals.
Ultrasonic tracking has proven to be so effective it can even de-anonymize TOR users, audio beacons can bypass tor by sending true location information and the original IP address of a TOR user straight to the adversaries or advertisers.
If that doesn’t scare you enough ultrasonic transmissions happen instantly and without any authentication or encryption, your sensitive data is blasted into the air for several meters and can be collected by other devices. Adversaries can potentially build a mesh network of audio beacons to collect sensitive data of all the devices in proximity.
How controlled Ultrasonic Cross-Device tracking
There is a mechanism to opt-out of this tracking, revoking the app’s permission to access your microphone. Only allow microphones for apps while in use and only for those apps that truly need it or features you use, but restricting microphone access is only going to mitigate a portion of high-frequency tracking signals.
One of the other best defense mechanisms would be with microphone hardware switches that completely cut off the electric current from even going into your mic these are currently introduced only in a couple of non-mainstream projects.
Even that wouldn’t be enough to stop ultrasonic tracking in 2018 researchers from Yale and Technical University of Darmstadt in Germany found a way to exploit gyroscope sensors to do the ultrasonic cross-device tracking and transmission with zero permission access.
A gyroscope is a tiny sensor in a phone that measures its rotation rate to estimate its orientation in space. These sensors are designed to have a resonance frequency between 19 to 29 kilohertz which is well within the ultrasonic range. This makes gyroscopes responsive to exploitation for ultrasonic transmission with a bandwidth of 10 to 20 bits per second using gyroscopes doesn’t usually require special permissions which is why this is a zero permission access.
Restricting access to the sensor is only available on Graphene OS. This means most users are vulnerable even if they restrict microphone permissions.
Why are adversaries & advertisers so obsessive about ultrasonic tracking?
It allows them to link ad impressions across different channels. If you saw an ad on your phone and went on to check that product on your laptop audio beacons can link this activity. You saw a tv commercial, your phone was listening for that too. Visit a store and walked by a banner or billboard your audio frequencies give away your presence. Ultrasonic beacons can also rather precisely determine your position which is useful, if another location services aren’t available even if the whole telecommunications network is down audio tracking will still function as long as it has power.
Audio beacons can also be used to track your behavior, they can track what movies you see in theaters or watch on tv, what radio programs or podcasts you listen to. where you buy your groceries, what people you meet how frequently you meet, where and how close you are to each other. what websites do you visit or potentially even what searches you make?
High-frequency audio tracking code can run anywhere and you’ll never know about it. this can be inside any ad, app, program or any digital medium since all of this source code is proprietary we have no way of finding out which apps and which media companies are utilizing ultrasonic cross-device tracking.
In 2017 researchers in Germany found hundreds of apps using audio beacons and some of them have been downloaded millions of times the biggest names in their findings listed McDonald’s and Krispy Kreme.
Ultrasonic signaling is bound to improve since it is being supported for other purposes and not just ad tracking both google and apple are developing ultrasonic communication between devices to establish proximity or for device pairing. Corporations, researchers, hackers, and advertisers are going to continue investing in this technology and are bound to find ways to make ultrasonic tracking more and more effective.
Google and Apple will have to develop tools for users to toggle off permission to access gyroscope sensors as well since these can be used for tracking effectively. The best approach would be to use hardware switches that kill power going into microphones and sensors so that they can’t be exploited even if the software settings are compromised.
Ultrasonic cross-device tracking is among the most invasive tracking practices that are incredibly secret, and difficult to detect and avoid. Now definitely review your microphone permissions on your iPhone or Android and consider switching to free and open source apps wherever you can. Installing Graphene OS on google pixel phones seems to offer the best defense since graphene os also provides permission to turn off sensors on android other android and ios users are vulnerable.