Sneaky ultrasonic adware makes homes vulnerable to ultrasonic hacking


#1

Originally published at: http://boingboing.net/2016/10/30/sneaky-ultrasonic-adware-makes.html


#2

Once again, advertising makes everything worse.


#3

if you’re wondering why fluffy keeps peeing in the corner, this might explain it:


#4

How about links to download the browser extension and Android app?


#5

From the blackhat link:

Technically, this pairing happens through a receiver application installed on the phone or tablet. The business model is that users will receive rewards or useful services for keeping those apps active,

The lesson here is that when an app asks permission to send you push notifications, always say “no.”


#6

i have seen articles on similar tech before , and they MAY be true , BUT ! my ( computer ) speakers roll off so bad at higher frequencies that i suspected my hearing , and the cheap dollar store microphones that i employ at home are ahhh , pots frequency range ~ i mean , i do have ultrasonic transceivers that i use with my arduinos , and a tascam that can oversample , but , mmmm , i dunno ?? asking for ultrasound from microphones , chips and system software ( sampling rate and pre-filters and such ) , and speakers of common devices ?? which are ordinarily tasked to common mp3 quality , or about am radio of the '60s ???


#7

A really geeky solution would be for the device to administer a quick hearing test to determine how high the user can hear, and then roll off the frequencies above that. If you have never had the opportunity to listen to a sine sweep approaching 20kHz, it’s rather remarkable how steep the human ear rolls it off.


#8

I wonder if high fidelity is even needed, as long as the speakers and mic both respond somewhat to ultrasound. Perhaps a high data rate isn’t needed for the kinds of info being transmitted. Say you used wide-bandwidth pulses of ultrasound at high volume, at, say, 1 pulse/second. Perhaps the data would be transferred even though the speaker would struggle to emit it, and the mic would struggle to accept it. With heavy error correction, the data could get through, and it wouldn’t matter much what the frequency response was of the speaker and mic. It’s not like you’re transferring music.

I apologize if I’ve given anyone any ideas!


#9

I’m fairly certain I got roped into this while in the UK earlier this year. I was visiting my mother and using my iPad in the living room - an ad came on for a furniture retailer that we both remarked on because of the memorable name. Over the next week I was bombarded by Google ads for this same retailer even though I was not logged into Google, nor had I searched for anything remotely related to oak furniture in the UK.

It could be a coincidence, but these days when it comes to advertising practices I tend to favor the shadiest explanation.


#10

Given that it is effectively impossible to be paranoid enough about side channel attacks; or to think ill enough of the motives of Team Marketing; I can’t imagine this going even slightly well. At all.


#11

This topic was automatically closed after 5 days. New replies are no longer allowed.