Hundreds Of Privacy-Invading Apps Are Using Ultrasonic Sounds To Track You

By   ISBuzz Team
Writer , Information Security Buzz | May 05, 2017 10:49 am PST

A new privacy-busting technique that tracks consumers through the use of ultrasonic tones may have once sounded like the stuff of science fiction novels, but today it’s reality. These near-silent tones can’t be picked up by the human ear, but there are apps in your phone that are always listening for them. IT security experts from AlienVault and ESET commented below.

Javvad Malik, Security Advocate at AlienVault:

javvad malik“As mobile phone capabilities increase, and technologies that can communicate with such devices proliferate, it is only natural that more creative ways will be used to communicate and extract information from phones.

However, the fundamental issue isn’t so much the advent of technologies such as ultrasonic sounds; but rather the willingness of users to continually give extended permissions to apps on their devices. There should be no reason a game or a novelty app should need access to core phone features such as microphone, speaker, phone, and text messages – yet this happens on a frequent basis. As long as this continues to happen, mobile devices will be the enemy of users privacy.”

Robert Lipovsky, Researcher at ESET:

robert lipovsky“Although the described techniques may sound as science fiction, it’s not overly surprising. At ESET we see privacy-invading advertisement all the time. On the other hand, location tracking based on ultrasonic beacons, while innovative, appears as another method of location tracking, which, sadly, doesn’t raise an eyebrow from most users. And this privacy-ignoring mindset is the biggest problem.

“Technically speaking, the methods are not merely a question of individual apps, but entire advertisement frameworks. Unfortunately, unlike regular malware, ads and their intrusiveness is a sensitive grey area. Nevertheless, when an app or framework crosses the boundary of what can be considered acceptable, ESET strictly detects them (Android/AdDisplay).”