Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2018-05-28 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Do you hear Laurel or Yanny or is it On-Off Keying?

Published: 2018-05-28
Last Updated: 2018-05-28 16:41:26 UTC
by Kevin Liston (Version: 1)
2 comment(s)

Bernd shared a white paper this morning, "Analysis of an Ultrasound-Based Physical Tracking System " by Cunche and Cardoso (https://hal.inria.fr/hal-01798091/document) which goes over how they rever engineered an ultrasound-based in-store tracking application.  They wrote an app that generates it's own ultrasonic sounds to jam such applications.  Souce code is available (alegedly, their GitLab instance was having an issue when I looked at it.)  The site does have samples of ultrasonic applications caught in the lab and in the wild (http://sonicontrol.fhstp.ac.at/) which you could use for you experiments.

I've been interested in the interaction between ultrasonic and mobile technology since I saw Jameson Rader's XT Audio Beacons (https://github.com/jamrader/XTAudioBeacons) that were used to syncrhonize a lightshow from attendee's smartphones.  Digging further into that I needed tools to detect and generate these signals.  I first went to Audacity (https://www.audacityteam.org/) because I focusing on sound generation, but if I wanted to move data via ultrasound I would need modulation and demodulation which brought me to GNU Radio (https://www.gnuradio.org/).

I wasn't the first to think of that approach. There's a demonstration using commodity laptops (https://www.anfractuosity.com/projects/ultrasound-via-a-laptop/) where he sends data very slowly at 23kHz.  They improved on the process and have nice full-duplax eample here: https://www.anfractuosity.com/projects/ultrasound-networking/

There is simple chat program that uses this technique called Quietnet (https://github.com/Katee/quietnet)

Others have raised privacy concerns about use of the technology (isn't there always?)   In "Privacy Threats through Ultrasonic Side Channels on Mobile Devices" Arp, Quiring, Wressnegger, and Rieck (http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf) they describe using SilverPush (https://www.silverpush.co/) a marketing application to track a user via embedded signals is web ads.

It's also used in Google Nearby (which uses seen wi-fi APs, and bluetooth in addition to audio beacons.)  When enabled a smartphone will generate ultrasonic signals and listen for other signals.

Now I want to head out to the maul with an audio spectrum analyzer.  The available-parking sensors, the in-store tracking, the smartphons of passers-by-- what fun. 

Keywords: ultrasonic
2 comment(s)
Diary Archives