UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

On the Privacy and Security of the Ultrasound Ecosystem

Mavroudis, V; Hao, S; Fratantonio, Y; Maggi, F; Kruegel, C; Vigna, G; (2017) On the Privacy and Security of the Ultrasound Ecosystem. Proceedings on Privacy Enhancing Technologies , 2017 (2) pp. 95-112. 10.1515/popets-2017-0018. Green open access

[thumbnail of [22990984 - Proceedings on Privacy Enhancing Technologies] On the Privacy and Security of the Ultrasound Ecosystem (1).pdf]
Preview
Text
[22990984 - Proceedings on Privacy Enhancing Technologies] On the Privacy and Security of the Ultrasound Ecosystem (1).pdf - Published Version

Download (1MB) | Preview

Abstract

Nowadays users often possess a variety of electronic devices for communication and entertainment. In particular, smartphones are playing an increasingly central role in users’ lives: Users carry them everywhere they go and often use them to control other devices. This trend provides incentives for the industry to tackle new challenges, such as cross-device authentication, and to develop new monetization schemes. A new technology based on ultrasounds has recently emerged to meet these demands. Ultrasound technology has a number of desirable features: it is easy to deploy, flexible, and inaudible by humans. This technology is already utilized in a number of different real-world applications, such as device pairing, proximity detection, and cross-device tracking. This paper examines the different facets of ultrasound-based technology. Initially, we discuss how it is already used in the real world, and subsequently examine this emerging technology from the privacy and security perspectives. In particular, we first observe that the lack of OS features results in violations of the principle of least privilege: an app that wants to use this technology currently needs to require full access to the device microphone. We then analyse real-world Android apps and find that tracking techniques based on ultrasounds suffer from a number of vulnerabilities and are susceptible to various attacks. For example, we show that ultrasound cross-device tracking deployments can be abused to perform stealthy deanonymization attacks (e.g., to unmask users who browse the Internet through anonymity networks such as Tor), to inject fake or spoofed audio beacons, and to leak a user’s private information. Based on our findings, we introduce several defense mechanisms. We first propose and implement immediately deployable defenses that empower practitioners, researchers, and everyday users to protect their privacy. In particular, we introduce a browser extension and an Android permission that enable the user to selectively suppress frequencies falling within the ultrasonic spectrum. We then argue for the standardization of ultrasound beacons, and we envision a flexible OS-level API that addresses both the effortless deployment of ultrasound-enabled applications, and the prevention of existing privacy and security problems.

Type: Article
Title: On the Privacy and Security of the Ultrasound Ecosystem
Open access status: An open access version is available from UCL Discovery
DOI: 10.1515/popets-2017-0018
Publisher version: https://doi.org/10.1515/popets-2017-0018
Language: English
Additional information: This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. The images or other third party material in this article are included in the Creative Commons license, unless indicated otherwise in the credit line; if the material is not included under the Creative Commons license, users will need to obtain permission from the license holder to reproduce the material. To view a copy of this license, visit https://creativecommons.org/licenses/by-nc-nd/4.0/
Keywords: Ultrasounds; Deanonymization; Privacy Violation; Cross-device Linking
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10113437
Downloads since deposit
213Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item