Sign In

Communications of the ACM

ACM TechNews

­ltrasound Tracking Could Be ­sed to Deanonymize Tor ­sers

How the ultrasound cross-device tracking scheme works.

Researchers say ultrasounds emitted by advertising or by JavaScript code hidden on a page accessed through the Tor Browser can deanonymize Tor users.

Credit: Vasilios Mavroudis

Ultrasounds emitted by ads or JavaScript code hidden on a page accessed through the Tor Browser can deanonymize Tor users by making nearby phones or computers send identity beacons back to advertisers, according to a team of six researchers.

The study is focused on the science of ultrasound cross-device tracking (uXDT), a new technology that started being deployed in modern-day advertising platforms in 2014. The technology relies on advertisers hiding ultrasounds in their ads that get picked up by the microphone of nearby second-stage devices such as laptops, desktops, tablets, or smartphones. The devices interpret the ultrasounds, which contain hidden instructions for pinging back to the advertiser's server with details about that device.

The researchers developed an attack that relies on tricking a Tor user into accessing a Web page that contains ads that emit ultrasounds, or accessing a page that contains hidden JavaScript code that forces the browser to emit the ultrasounds via the HTML5 Audio API. If the Tor user has a phone nearby and if certain types of apps are on the phone, the mobile device will ping back one or more advertisers with details about the device. The mobile phone must have an app installed that has an embedded advertising software development kit with support for uXDT.

From BleepingComputer
View Full Article


Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA


No entries found