Tor users at risk of being unmasked by ultrasound tracking by Danny Bradbury.
How close is your phone to your computer right now?
That close?
You may want to rethink your phone’s location.
From the post:
A new type of attack should make Tor users – and countless dogs around the world – prick up their ears. The attack, revealed at BlackHat Europe in November and at the 33rd Chaos Computer Congress the following month, uses ultrasounds to track users, even if they are communicating over anonymous networks.
The attack uses a technique called ultrasound cross-device tracking (uXDT), which made its way into advertising circles as early as 2012. Marketing companies running uXDT campaigns will play an ultrasonic sound, inaudible to the human ear, in a TV or radio ad, or even in an ad delivered via a computer browser.
Although the user won’t hear it, other devices such as smartphones using uXDT-enabled apps will be listening. When the app hears the signal, it will ping the advertising network with details about itself. What details? Anything it asks for the phone for, such as its IP address, geolocation Coleman’s, telephone number and IMEI (SIM card) code.
That’s creepy enough in marketing. Now, advertisers can tell what TV or radio ads you’ve been listening to, matching them with the universe of other information they have about you from your web searches, social media activity and emails.
…
In essence the technique uses an ultrasound “beacon” to trigger your phone to “call home.”
Hmmm, betrayed by your own phone.
Danny outlines a number of scenarios of governments using this technique against users.
Ultrasound tracking poses a significant risk for Tor users, but they are security conscious enough to be using Tor.
Consider the flip side of using ultrasound tracking as a pathway into government offices. A phone that can “call home” can certainly listen for keystrokes.
Where do you think most sysadmins keep their phones? 😉