On the Privacy and Security of the Ultrasound Ecosystem

@article{Mavroudis2017OnTP,
  title={On the Privacy and Security of the Ultrasound Ecosystem},
  author={Vasilios Mavroudis and Shuang Hao and Yanick Fratantonio and Federico Maggi and Christopher Kr{\"u}gel and Giovanni Vigna},
  journal={Proceedings on Privacy Enhancing Technologies},
  year={2017},
  volume={2017},
  pages={112 - 95}
}
Abstract

Nowadays users often possess a variety of electronic devices for communication and entertainment. In particular, smartphones are playing an increasingly central role in users’ lives: Users carry them everywhere they go and often use them to control other devices. This trend provides incentives for the industry to tackle new challenges, such as cross-device authentication, and to develop new monetization schemes. A new technology based on ultrasounds has recently emerged to meet these…

Zero-permission acoustic cross-device tracking
TLDR
A novel approach to acoustic cross-device tracking is introduced, which does not require microphone access, but instead exploits the susceptibility of MEMS gyroscopes to acoustic vibrations at specific (ultrasonic) frequencies.
Fatal attraction: identifying mobile devices through electromagnetic emissions
TLDR
The findings suggest that the magnetic field emitted by smartphones is unique and fingerprinting devices based on this feature can be performed without the knowledge or cooperation of users.
Intra-Library Collusion: A Potential Privacy Nightmare on Smartphones
TLDR
It is found that many popular third-party libraries have the potential to aggregate significant sensitive data from devices by using intra-library collusion, and it is demonstrated that several popular libraries already collect enough data to facilitate this attack.
Privacy Threats of Acoustic Covert Communication among Smart Mobile Devices
TLDR
Experiments show that UltraFilter can prevent users’ private information from leaking and reduce system load and that the audio frequencies can pose threats to user privacy.
iGuard: A Real-Time Anti-Theft System for Smartphones
TLDR
The basic idea behind iGuard is to distinguish different people holding a smartphone by identifying the order of the motions during the ‘take-out’ behavior and how each motion is performed, and a Markov-based model to track the behavior of a smartphone user is proposed.
Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications
TLDR
This study reveals several alarming privacy risks in the Android app ecosystem, including apps that over-provision their media permissions and apps that share image and video data with other parties in unexpected ways, without user knowledge or consent.
Wearable Devices and Privacy Concerns
TLDR
In this chapter, the authors discuss the types of sensor technologies embedded in wearable devices and how the data collected through such devices can be further interpreted by data analytics.
A Privacy Analysis of Cross-device Tracking
TLDR
It is shown that the similarity of IP addresses and Internet history for a user’s devices gives rise to a matching rate of F-1 = 0.91 for connecting a mobile to a desktop device in the authors' dataset, which is especially noteworthy in light of the increase in learning power that cross-device companies may achieve by leveraging user data from more than one device.
On the Feasibility of Acoustic Attacks Using Commodity Smart Devices
TLDR
The feasibility of cyber-attacks that could make smart consumer devices produce possibly imperceptible sound at both high and low frequencies, at the maximum available volume setting, potentially turning them into acoustic cyber-weapons is investigated.
TALON: An Automated Framework for Cross-Device Tracking Detection
TLDR
A novel methodology for detecting CDT and measuring the factors affecting its performance in a repeatable and systematic way is proposed, based on emulating realistic browsing activity of end-users from different devices, and thus triggering and detecting cross-device targeted ads.

References

SHOWING 1-10 OF 61 REFERENCES
Inaudible Sound as a Covert Channel in Mobile Devices
TLDR
This work implemented an ultrasonic modem for Android and found that it could send signals up to 100 feet away and was practical with the transmitter inside of a pocket, and proposed two sound-based covert channels, ultrasonic and isolated sound.
AuDroid: Preventing Attacks on Audio Channels in Mobile Devices
TLDR
An extension to the SE Linux reference monitor integrated into the Android operating system for enforcing lattice security policies over the dynamically changing use of system audio resources, AuDroid shows that it is possible to prevent attacks using audio channels without compromising functionality or introducing significant performance overhead.
Examining the characteristics and implications of sensor side channels
TLDR
The ultimate goal of this work is to illustrate the need for intrusion detection systems (IDSs) that not only monitor the RF channel, but also monitor the values returned by the sensory components.
Take This Personally: Pollution Attacks on Personalized Services
Modern Web services routinely personalize content to appeal to the specific interests, viewpoints, and contexts of individual users. Ideally, personalization allows sites to highlight information
Information leakage through mobile analytics services
TLDR
This work demonstrates the ease with which an external adversary can extract an individual's profile and mobile application usage information through two major mobile analytics services, i.e. Google Mobile App Analytics and Flurry.
Betrayed by Your Ads! - Reconstructing User Profiles from Targeted Ads
TLDR
This paper shows that targeted ads expose users' private data not only to ad providers but also to any entity that has access to users' ads, and proposes a methodology to filter targeted ads and infer users' interests from them.
Spoiled Onions: Exposing Malicious Tor Exit Relays
TLDR
This work monitored the Tor network after developing two fast and modular exit relay scanners—one for credential sniffing and one for active MitM attacks and implemented several scanning modules for detecting common attacks and used them to probe all exit relays over a period of several months.
On Covert Acoustical Mesh Networks in Air
TLDR
It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered.
Selling Off Privacy at Auction
TLDR
A privacy analysis of CM and RTB is performed and it is shown that users with known Web browsing history are evaluated higher than newcomers, that some user profiles are more valuable than others, and that users' intents are sold at higher prices than users' Web browsing histories.
Tor: The Second-Generation Onion Router
TLDR
This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points.