<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>uBeacSec: Privacy and Security Aspects of the Ultrasound Ecosystem</title>
<meta name="description" content="This site hosts material and references on our research on the security and privacy implications of ultrasound-based technology">
<meta name="author" content="Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico Maggi, Giovanni Vigna, and Christopher Kruegel">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="//fonts.googleapis.com/css?family=Raleway:400,300,600" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="css/normalize.css">
<link rel="stylesheet" href="css/skeleton.css">
<link rel="stylesheet" href="css/app.css">
</head>
<body>
<div class="container">
<div class="row">
<div class="tweleve columns" style="margin-top: 15%">
<div class="text-center">
<img src="i/tv.png" alt="Old-fashioned TV set" />
</div>
<br />
<h1 style="margin-top: 5%;" class="text-center">Privacy and Security Aspects of the Ultrasound Ecosystem</h1>
<nav class="text-center text-large">
<a href="#FAQs">FAQs</a> ·
<a href="#Members">Who we are</a> ·
<a href="#Publications">Publications and Talks</a> ·
<a href="#Downloads">Downloads</a> ·
<a href="#Press">Press</a> ·
<a href="#Members">Contact us</a>
</nav>
<div class="row">
<hr class="four columns offset-by-four" />
</div>
<div class="text-large text-justify">
<h4 class="text-center">Gimme some context!</h4>
<p>Nowadays users often possess a variety of electronic devices for
communication and entertainment. In particular, smartphones are
playing an increasingly central role in users' lives: Users carry
them everywhere they go and often use them to control other
devices. This trend provides incentives for the industry to tackle
new challenges, such as <strong>cross-device authentication</strong>, and to develop
new monetization schemes. A new technology based on ultrasounds has
recently emerged to meet these demands. <strong>Ultrasound technology has a
number of desirable features</strong>: it is easy to deploy, flexible, and
inaudible by humans. This technology is already utilized in a
number of different <strong>real-world applications</strong>, such as device
pairing, proximity detection, and <strong>cross-device tracking</strong>.</p>
<h4 class="text-center">What's the problem?</h4>
<p>For the first time, we examine the different facets of
ultrasound-based technology. Initially, we discuss how it is
already used in the real world, and subsequently examine this
emerging technology from the <strong>privacy and security perspectives</strong>. In
particular, we first observe that the <strong>lack of OS features results
in violations of the principle of least privilege</strong>: an app that
wants to use this technology currently needs to require full access
to the device microphone. We then analyse real-world Android apps
and find that tracking techniques based on ultrasounds suffer from
a number of vulnerabilities and are <strong>susceptible to various attacks</strong>.
For example, we show that ultrasound cross-device tracking
deployments can be abused to perform <strong>stealthy deanonymization
attacks</strong> (e.g., to unmask users who browse the Internet through
anonymity networks such as Tor), to inject fake or spoofed audio
beacons, and to leak a user's private information.</p>
<iframe width="854" height="480" src="https://www.youtube.com/embed/GRPYF9b7_tA" frameborder="0" allowfullscreen></iframe>
<h4 class="text-center">Where do we go from here?</h4>
<p>Based on our findings, <strong>we introduce several defense mechanisms</strong>. We
first propose and implement immediately deployable defenses that
empower practitioners, researchers, and everyday users to protect
their privacy. In particular, we introduce a <strong>browser extension</strong> and
an <strong>Android permission</strong> that enable the user to <strong>selectively suppress
frequencies</strong> falling within the ultrasonic spectrum. We then argue
for the <strong>standardization of ultrasound beacons</strong>, and we envision a
<strong>flexible OS-level API</strong> that addresses both the effortless deployment
of ultrasound-enabled applications, and the prevention of existing
privacy and security problems.</p>
</div>
</div>
</div>
<div id="FAQs" class="row">
<div class="tweleve columns">
<h2>Frequently Asked Questions</h2>
<dl>
<dt>Am I affected?</dt>
<dd>Likely not, unless you installed an Android app that uses an
ultrasound-based framework and requests access to your
microphone.</dd>
<dt>Aren't ultrasounds bad for my health?</dt>
<dd>We're not experts in this matter. Please refer to proper resources.</dd>
<dt>How widespread is all this?</dt>
<dd>We haven't performed large-scale measurements, although some of
the apps that embed ultrasound-based frameworks were downloaded
by hundreds of thousands of users, according to the metadata published
on the Google Play Store.</dd>
<dt>Can this be fixed?</dt>
<dd>Yes, but it'll take a long, long time. This is not a software
vulnerability that can be fixed by applying a simple patch.
Although we have created a <a
href="#Downloads">proof-of-concept</a> patch for the Android
Open Source Project (AOSP) and a "personal firewall" that prevents
your browser's Web API from emitting ultrasounds, a holistic action is
needed. Decision and policy makers should agree on what the
next step is in terms of regulations and standardization, OS vendors
and developers should integrate support for ultrasound beacons to
provide a transparent API (e.g., like for other physical and data
layers such as Bluetooth), and finally developers should adopt
such an API.
</dd>
<dt>Is every mobile operating system capable of capturing uBeacons, or just Android?</dt>
<dd>It depends more on the hardware of the device (i.e., the microphone) and less on the operating system. The great majority of commercial microphones found in mobile phones can capture uBeacons.
Nevertheless, the operating system plays a role as it determines what an application can and can't do. For our research, we worked with Android and we can confirm that it is possible to listen for ultrasounds in the background.
We haven't checked iOS, but we cannot exclude either possibility.</dd>
<dt>Do you have information on the actual frequencies these beacons operate on?</dt>
<dd>We have seen frameworks listening for beacons starting from 18,000 Hz (18 kHz) and higher. For instance, a relevant patent can be found <a href="https://www.google.com/patents/US20150215668">here</a>.
However, the exact implementation of ultrasound beacons varies between companies.</dd>
<dt>What is the situation now?</dt>
<dd>The awesome people at City Frequencies maintain an up-to-date page on the current status of the ecosystem, as well as presenting some additional findings: <a href="https://cityfreqs.com.au/pilfer.php">Here!</a>
</dd>
</dl>
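<p>To make two of the points above concrete (a framework listening for a carrier at 18 kHz or higher, and a "sound firewall" that suppresses that band before it reaches a microphone or a speaker), here is an added, self-contained example. It is not code from the uBeacSec authors, from SilverDog or from the AOSP patch. It synthesises a constructed audio buffer containing an audible 1 kHz tone plus a 19 kHz stand-in beacon, detects the beacon with a Goertzel filter, then runs the buffer through a cascaded low-pass with an assumed 17 kHz cutoff and checks that the beacon is gone while the audible tone survives. The sample rate, tone frequencies, amplitudes, cutoff and detection threshold are all assumptions chosen for illustration.</p>

```javascript
// Added example for this page (not code from the uBeacSec authors, SilverDog or
// the AOSP patch): a toy version of the two things the page describes,
// detecting a near-ultrasonic beacon tone and suppressing the band it lives in.
// All numbers are assumptions chosen for illustration: 44.1 kHz sample rate,
// a 1 kHz "audible content" tone, a 19 kHz "beacon" tone (the page says beacon
// frameworks listen from 18 kHz upwards) and a 17 kHz low-pass cutoff.

const SAMPLE_RATE = 44100;
const AUDIBLE_HZ = 1000;   // stand-in for normal audio content
const BEACON_HZ = 19000;   // stand-in for an ultrasonic beacon carrier
const CUTOFF_HZ = 17000;   // everything above this is suppressed
const WINDOW = 4410;       // 0.1 s; both tones complete whole cycles in it

// Constructed input: a sum of sinusoids, `tones` = [{ freq, amp }, ...].
function synthesize(tones, n = WINDOW, sampleRate = SAMPLE_RATE) {
  const out = new Float64Array(n);
  for (let i = 0; i < n; i++) {
    let s = 0;
    for (const t of tones) s += t.amp * Math.sin((2 * Math.PI * t.freq * i) / sampleRate);
    out[i] = s;
  }
  return out;
}

// Goertzel algorithm: amplitude estimate at one frequency, without a full FFT.
// Normalised so a pure sinusoid of amplitude A on an exact bin reads ~A.
function goertzelMagnitude(samples, targetHz, sampleRate = SAMPLE_RATE) {
  const n = samples.length;
  const k = Math.round((n * targetHz) / sampleRate);
  const w = (2 * Math.PI * k) / n;
  const coeff = 2 * Math.cos(w);
  let s1 = 0, s2 = 0;
  for (let i = 0; i < n; i++) {
    const s0 = samples[i] + coeff * s1 - s2;
    s2 = s1;
    s1 = s0;
  }
  const re = s1 - s2 * Math.cos(w);
  const im = s2 * Math.sin(w);
  return (2 / n) * Math.hypot(re, im);
}

// Beacon detector: a carrier is "present" when its bin exceeds a threshold
// (threshold is an assumption; a real framework decodes modulated data).
function beaconPresent(samples, beaconHz = BEACON_HZ, threshold = 0.05) {
  return goertzelMagnitude(samples, beaconHz) > threshold;
}

// Second-order low-pass biquad, coefficients from the RBJ audio EQ cookbook,
// pre-divided by a0 so the filter loop needs no division.
function designLowPass(cutoffHz, q = Math.SQRT1_2, sampleRate = SAMPLE_RATE) {
  const w0 = (2 * Math.PI * cutoffHz) / sampleRate;
  const alpha = Math.sin(w0) / (2 * q);
  const a0 = 1 + alpha;
  return {
    b0: (1 - Math.cos(w0)) / 2 / a0,
    b1: (1 - Math.cos(w0)) / a0,
    b2: (1 - Math.cos(w0)) / 2 / a0,
    a1: (-2 * Math.cos(w0)) / a0,
    a2: (1 - alpha) / a0,
  };
}

// Direct-form I biquad over a whole buffer.
function applyBiquad(samples, c) {
  const out = new Float64Array(samples.length);
  let x1 = 0, x2 = 0, y1 = 0, y2 = 0;
  for (let i = 0; i < samples.length; i++) {
    const x0 = samples[i];
    const y0 = c.b0 * x0 + c.b1 * x1 + c.b2 * x2 - c.a1 * y1 - c.a2 * y2;
    x2 = x1; x1 = x0; y2 = y1; y1 = y0;
    out[i] = y0;
  }
  return out;
}

// The "sound firewall" step: cascade a few biquads for a steeper roll-off
// above the cutoff, leaving the audible band essentially untouched.
function suppressUltrasound(samples, cutoffHz = CUTOFF_HZ, stages = 4) {
  const c = designLowPass(cutoffHz);
  let y = samples;
  for (let i = 0; i < stages; i++) y = applyBiquad(y, c);
  return y;
}

// Run the whole pipeline and return the before/after measurements.
function demo() {
  const raw = synthesize([{ freq: AUDIBLE_HZ, amp: 0.5 }, { freq: BEACON_HZ, amp: 0.3 }]);
  const filtered = suppressUltrasound(raw);
  return {
    audibleBefore: goertzelMagnitude(raw, AUDIBLE_HZ),
    beaconBefore: goertzelMagnitude(raw, BEACON_HZ),
    detectedBefore: beaconPresent(raw),
    audibleAfter: goertzelMagnitude(filtered, AUDIBLE_HZ),
    beaconAfter: goertzelMagnitude(filtered, BEACON_HZ),
    detectedAfter: beaconPresent(filtered),
  };
}

console.log(demo());
```

<p>Run it with <code>node</code>: the beacon bin drops from about 0.3 to a few thousandths while the 1 kHz bin stays at about 0.5, and the detector flips from present to absent. In a real deployment the same filter would sit in the audio graph (for instance a Web Audio <code>BiquadFilterNode</code> in a browser extension, or in the OS audio path as the AOSP patch does), and real beacon frameworks modulate data onto their carriers rather than emitting a single tone, so the detector here is a starting point rather than a decoder.</p>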
<p class="text-center">
<a class="button button-primary" href="#Members">Submit a Question</a>
</p>
</div>
</div>
<div id="Members" class="row">
<div class="tweleve columns">
<h2>Who we are</h2>
<dl>
<dt><a href="https://mavroud.is">Vasilios Mavroudis</a>, <a href="https://twitter.com/mavroudisv">@mavroudisv</a></dt>
<dd>PhD student, University College London (UCL)</dd>
<dt><a href="http://www.cs.ucsb.edu/~shuanghao/">Shuang Hao</a></dt>
<dd>Postdoc researcher, University of California, Santa Barbara (UCSB)</dd>
<dt><a href="http://cs.ucsb.edu/~yanick/">Yanick Fratantonio</a>, <a href="https://twitter.com/reyammer">@reyammer</a></dt>
<dd>PhD student, University of California, Santa Barbara (UCSB)</dd>
<dt><a href="https://maggi.cc/">Federico Maggi</a>, <a href="https://twitter.com/phretor">@phretor</a></dt>
<dd>Professor, Politecnico di Milano (POLIMI)
<br />
Visiting Researcher at University of California, Santa Barbara (UCSB)
</dd>
<dt><a href="https://www.cs.ucsb.edu/~vigna/">Giovanni Vigna</a></dt>
<dd>Professor, University of California, Santa Barbara (UCSB)</dd>
<dt><a href="http://www.cs.ucsb.edu/~chris/">Christopher Kruegel</a></dt>
<dd>Professor, University of California, Santa Barbara (UCSB)</dd>
</dl>
</div>
</div>
<div id="Publications" class="row">
<div class="tweleve columns">
<h2>Publications and Talks</h2>
<p>Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico
Maggi, Giovanni Vigna, and Christopher Kruegel. <em>The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem</em>.
RSA Conference 2018, San Francisco, USA, 17 April 2018.
[<a href="https://www.rsaconference.com/events/us18/agenda/sessions/11615-the-good-the-bad-and-the-ugly-of-the-ultrasonic">Video</a>]</p>
<p>Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico
Maggi, Giovanni Vigna, and Christopher Kruegel. <em>Talking Behind
Your Back: On the Security of the Ultrasound Tracking Ecosystem</em>.
Chaos Communication Congress, Hamburg, Germany, 27-30 December 2016. [<a
href="https://www.youtube.com/watch?v=ffFk0E7E7ek">Video (En)</a>] [<a
href="https://www.youtube.com/watch?v=aZ9oyVKWaj0">Video (De)</a>]</p>
<p>Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico
Maggi, Giovanni Vigna, and Christopher Kruegel. <em>The
Ultrasound Tracking Ecosystem</em>. Report. November 2016. [<a
href="downloads/report.pdf">PDF</a>]</p>
<p>Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico
Maggi, Giovanni Vigna, and Christopher Kruegel. <em>Talking Behind
Your Back: Attacks and Countermeasures of Ultrasonic Cross-device
Tracking</em>. <a
href="https://www.blackhat.com/eu-16/briefings.html">Blackhat
Europe</a>, London, UK, 3–4 November 2016. [<a
href="downloads/slides.pdf">Slides</a>]</p>
<p>Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico
Maggi, Giovanni Vigna, and Christopher Kruegel. <em>On the Privacy
and Security of the Ultrasound Ecosystem</em>. 17th <a
href="https://petsymposium.org">Privacy Enhancing Technologies
Symposium</a>, Minneapolis, MN, July 2017. [<a
href="https://petsymposium.org/2017/papers/issue2/paper18-2017-2-source.pdf">PDF</a>]</p>
</div>
<div style="font-size:0.8em;">
<p style="margin-bottom: 0;"><strong>Please use the following bibtex entry to cite our work:</strong></p>
<pre>
@article{mavroudis2017privacy,
title={On the Privacy and Security of the Ultrasound Ecosystem},
author={Mavroudis, Vasilios and Hao, Shuang and Fratantonio, Yanick and Maggi, Federico and Kruegel, Christopher and Vigna, Giovanni},
journal={Proceedings on Privacy Enhancing Technologies},
volume={2017},
number={2},
pages={95--112},
year={2017}
}
</pre>
</div>
</div>
<div id="Downloads" class="row">
<div class="tweleve columns">
<h2>Downloads</h2>
<p>This section includes our proof-of-concept countermeasures (all released under the <a
href="LICENSE.txt">Apache 2.0 license</a>):</p>
<ul>
<li>SilverDog: your sound firewall! A Chrome extension that we
developed to filter ultrasound frequencies. [<a
href="https://github.com/ubeacsec/Silverdog">Source Code</a>]</li>
<li>Set of AOSP patches to implement a new permission to filter
ultrasound spectrum. The patch should apply cleanly against AOSP
android-5.0.0_r3. Note: it is just a research prototype! [<a
href="https://github.com/ubeacsec/AOSP-Patch">Download</a>]</li>
</ul>
<p>Feedback, ideas and source code contributions are <a href="https://github.com/ubeacsec">very welcome</a>!</p>
</div>
</div>
<div id="Press" class="row">
<div class="tweleve columns">
<h2>Press Coverage</h2>
<p>Articles covering our work (in reverse chronological order, non-exhaustive):</p>
<ul>
<li>WIRED, Apr 17th, 2018: <a href="https://www.wired.com/story/ultrasonic-signals-wild-west-of-wireless-tech/">Ultrasonic Signals are the Wild-west of Wireless Tech</a></li>
<li>Naked Security by Sophos, Jan 13th, 2017: <a href="https://nakedsecurity.sophos.com/2017/01/13/tor-users-at-risk-of-being-unmasked-by-ultrasound-tracking/">Tor users at risk of being unmasked by ultrasound tracking</a></li>
<li>Information Security Newspaper, Jan 4th, 2017: <a href="http://www.securitynewspaper.com/2017/01/04/ultrasound-tracking-used-deanonymize-tor-users/">Ultrasound Tracking Could Be Used To Deanonymize Tor Users</a></li>
<li>Bleeping Computer, Jan 3rd, 2017: <a href="https://www.bleepingcomputer.com/news/security/ultrasound-tracking-could-be-used-to-deanonymize-tor-users/">Ultrasound Tracking Could Be Used to Deanonymize Tor Users</a></li>
<li>NDTV Gadgets360, Nov 14th, 2016: <a href="http://gadgets.ndtv.com/mobiles/news/your-phone-may-be-listening-to-ultrasonic-signals-for-better-ad-tracking-report-1625360">Your Phone May Be Listening to Ultrasonic Signals for Better Ad Tracking: Report</a></li>
<li>On The Wire, Nov 7th, 2016: <a href="https://www.onthewire.io/android-patch-released-to-stop-ultrasonic-tracking/">Android Patch Released to Stop Ultrasonic Tracking</a></li>
<li>The Metro, Nov 3rd, 2016: <a href="https://edition.metro.news/content/20161103.am/htmlpages/422591.html">Big Brother is listening</a></li>
<li>The Register, Nov 3rd, 2016: <a href="http://www.theregister.co.uk/2016/11/04/marketing_privacy/">Anti-ultrasound tech aims to foil the dog-whistle marketeers</a></li>
<!--<li>ArsTechnica, Nov 3rd, 2016: <a href="http://arstechnica.com/security/2016/11/how-to-block-the-ultrasonic-signals-you-didnt-know-were-tracking-you/">How to Block the Ultrasonic Signals You Didn’t Know Were Tracking You</a></li>-->
<li>WIRED, Nov 3rd, 2016: <a href="https://www.wired.com/2016/11/block-ultrasonic-signals-didnt-know-tracking/">How to Block the Ultrasonic Signals You Didn’t Know Were Tracking You</a></li>
<li>TechWorm, Nov 1st, 2016: <a href="http://www.techworm.net/2016/11/hackers-can-hack-smartphones-latops-hacking-inaudible-sounds-embedded-ads.html">Hackers can hack smartphones and laptops by hacking inaudible sounds embedded into ads</a></li>
<li>BitsHacker, Nov 1st, 2016: <a href="http://bitshacker.com/2016/11/01/device-can-hacked-using-inaudible-sounds-embedded-ads/">Device can be Hacked using inaudible Sounds embedded into ads</a></li>
<!--<li>Yahoo! News, Oct 31st, 2016: <a href="https://uk.news.yahoo.com/silent-hack-devices-hijacked-using-153746470.html">The silent hack: Devices can be hijacked using inaudible sounds embedded into ads</a></li>-->
<!--<li>TechSite, Oct 31st, 2016: <a href="http://www.techsite.io/p/474129">The silent hack: Devices can be hijacked using inaudible sounds embedded into ads</a></li>-->
<li>International Business Times, Oct 31st, 2016: <a href="http://www.ibtimes.co.uk/silent-hack-devices-can-be-hijacked-using-inaudible-sounds-embedded-into-ads-1589129" class="hyper doc">The silent hack: Devices can be hijacked using inaudible sounds embedded into ads</a></li>
<li>Fortune, Oct 30th, 2016: <a href="http://fortune.com/2016/10/30/soundwave-hacking/">Inaudible Soundwaves Expose a Spooky New Pathway for Hackers</a></li>
<li>Boing Boing, Oct 30th, 2016: <a href="https://boingboing.net/2016/10/30/sneaky-ultrasonic-adware-makes.html" class="hyper doc">Sneaky ultrasonic adware makes homes vulnerable to ultrasonic hacking</a></li>
<li>Yahoo! Sports: <a href="http://sports.yahoo.com/news/computer-apps-may-keep-listening-224643121.html" class="hyper doc">Some mobile apps continue to track ultrasound signals even when closed</a></li>
<li>On The Wire, Oct 30th, 2016: <a href="https://www.onthewire.io/silently-tracking-users-with-ultrasonic-beacons/" class="hyper doc">Silently Tracking Users With Ultrasonic Beacons</a></li>
<li>Digital Trends, <a href="http://www.digitaltrends.com/computing/university-college-london-ultrasonic-cross-device-hacking/" class="hyper doc">Some mobile apps continue to track ultrasound signals even when closed</a></li>
<li>Slashdot, Oct 30th, 2016: <a href="http://it.slashdot.org/story/16/10/30/1932216/" class="hyper doc">Serious Hacks Possible Through Inaudible Ultrasound</a></li>
<li>New Scientist, Oct 27th, 2016: <a href="http://www.newscientist.com/article/2110762/" class="hyper doc">Your Home’s Online Gadgets Could Be Hacked by Ultrasound</a></li>
</ul>
<p><strong>Want to write about this research?</strong> The <a
href="downloads/report.pdf">best starting point is our report</a>, as
it provides a detailed but easy-to-understand explanation of the
essential points.</p>
</div>
</div>
<footer class="row text-center text-pale">
<div class="tweleve columns">
<hr />
<p>©2016,2017 all rights are reserved to the respective authors.
<br />
<small>No dogs were harmed during this research, but <a
href="i/lara.gif">Lara</a>, our research assistant, played a
key role in some experiments.</small></p>
</div>
</footer>
</div>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-2189459-11', 'auto');
ga('send', 'pageview');
</script>
</body>
</html>