A new privacy-busting technique that tracks consumers through the use of ultrasonic tones may have once sounded like the stuff of science fiction novels, but today it’s reality. These near-silent tones can’t be picked up by the human ear, but there are apps in your phone that are always listening for them. IT security experts from AlienVault and ESET commented below.
Javvad Malik, Security Advocate at AlienVault:
“As mobile phone capabilities increase, and technologies that can communicate with such devices proliferate, it is only natural that more creative ways will be used to communicate and extract information from phones.
However, the fundamental issue isn’t so much the advent of technologies such as ultrasonic sounds; but rather the willingness of users to continually give extended permissions to apps on their devices. There should be no reason a game or a novelty app should need access to core phone features such as microphone, speaker, phone, and text messages – yet this happens on a frequent basis. As long as this continues to happen, mobile devices will be the enemy of users privacy.”
Robert Lipovsky, Researcher at ESET:
“Although the described techniques may sound as science fiction, it’s not overly surprising. At ESET we see privacy-invading advertisement all the time. On the other hand, location tracking based on ultrasonic beacons, while innovative, appears as another method of location tracking, which, sadly, doesn’t raise an eyebrow from most users. And this privacy-ignoring mindset is the biggest problem.
“Technically speaking, the methods are not merely a question of individual apps, but entire advertisement frameworks. Unfortunately, unlike regular malware, ads and their intrusiveness is a sensitive grey area. Nevertheless, when an app or framework crosses the boundary of what can be considered acceptable, ESET strictly detects them (Android/AdDisplay).”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.