Abstract
Today’s evolving and inventive attacks allow an adversary to embed tracking identifiers or malicious triggers in ultrasonic sound and covertly transmit them between devices without the users’ knowledge. An adversary can exploit an electronic device by manipulating the microphone, gyroscope or speaker using ultrasonic sound. Almost all types of electronic devices are vulnerable to this type of attack. Indeed, some preventive measures are in place to counter ultrasonic invasion. However, they are primitive and often are not capable of detecting the attacks.
To this end, we propose FOCUS: Frequency based detection of Covert Ultrasonic Signals. In particular, FOCUS displays a low-end, low-cost ultrasonic detection mechanism that can be employed anywhere. We validate FOCUS through two proof-of-concept (PoC) implementations utilizing Raspberry Pi and Arduino based hardware modules, respectively. The results demonstrate that FOCUS can detect ultrasonic sound and alert users of possible ultrasonic invasion.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
The upper hearing threshold in practice is around 17 kHz. Thus the near-ultrasonic range is 17–20 kHz.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
References
Arp, D., Quiring, E., Wressnegger, C., Rieck, K.: Privacy threats through ultrasonic side channels on mobile devices. In: 2017 IEEE European Symposium on Security and Privacy (EuroS P), pp. 35–47 (2017). https://doi.org/10.1109/EuroSP.2017.33
Arp, D., Quiring, E., Wressnegger, C., Rieck, K.: Bat in the Mobile: A Study on Ultrasonic Device Tracking (2016). https://www.sec.cs.tu-bs.de/pubs/2016-batmobile.pdf
Arp, D., Quiring, E., Wressnegger, C., Rieck, K.: Privacy threats through ultrasonic side channels on mobile devices. In: 2017 IEEE European Symposium on Security and Privacy (EuroS & P), pp. 35–47 (2017). https://doi.org/10.1109/EuroSP.2017.33
Butler, C.: Visa makes strategic investment in LISNR, a start-up that wants to rival technology used by Apple Pay, November 2019. https://www.cnbc.com/2019/11/05/visa-invests-in-lisnr-a-start-up-that-wants-to-rival-apple-pay.html. Accessed 01 May 2021
Carrara, B., Adams, C.: On acoustic covert channels between air-gapped systems. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 3–16. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17040-4_1
Deshotels, L.: Inaudible sound as a covert channel in mobile devices. In: 8th USENIX Workshop on Offensive Technologies (WOOT 14). USENIX Association, San Diego, August 2014. https://www.usenix.org/conference/woot14/workshop-program/presentation/deshotels
Guri, M., Solewicz, Y., Elovici, Y.: Fansmitter: acoustic data exfiltration from air-gapped computers via fans noise. Comput. Secur. 91, 101721 (2020). https://doi.org/10.1016/j.cose.2020.101721. https://www.sciencedirect.com/science/article/pii/S0167404820300080
Guri, M., Solewicz, Y., Elovici, Y.: Speaker-to-speaker covert ultrasonic communication. J. Inf. Secur. Appl. 51, 102458 (2020). https://doi.org/10.1016/j.jisa.2020.102458. https://www.sciencedirect.com/science/article/pii/S2214212619304697
Guri, M., Solewicz, Y.A., Daidakulov, A., Elovici, Y.: DiskFiltration: data exfiltration from speakerless air-gapped computers via covert hard drive noise. CoRR abs/1608.03431 (2016). http://arxiv.org/abs/1608.03431
Joseph, T., Tyagi, K., Kumbhare, D.R.: Quantitative analysis of DTMF tone detection using DFT, FFT and Goertzel algorithm. In: 2019 Global Conference for Advancement in Technology (GCAT), pp. 1–4 (2019). https://doi.org/10.1109/GCAT47503.2019.8978284
Lampson, B.W.: A note on the confinement problem. Commun. ACM 16(10), 613–615 (1973). https://doi.org/10.1145/362375.362389. https://doi.org/10.1145/362375.362389
Madhavapeddy, A., Sharp, R., Scott, D., Tse, A.: Audio networking: the forgotten wireless technology. IEEE Pervasive Comput. 4(3), 55–60 (2005). https://doi.org/10.1109/MPRV.2005.50
Matyunin, N., Szefer, J., Katzenbeisser, S.: Zero-permission acoustic cross-device tracking. In: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 25–32 (2018). https://doi.org/10.1109/HST.2018.8383887
Mavroudis, V., Hao, S., Fratantonio, Y., Maggi, F., Kruegel, C., Vigna, G.: On the privacy and security of the ultrasound ecosystem. In: Proceedings on Privacy Enhancing Technologies, pp. 95–112 (2017). https://doi.org/10.1515/popets-2017-0018
Mavroudis, V., Hao, S., Fratantonio, Y., Maggi, F., Kruegel, C., Vigna, G.: On the privacy and security of the ultrasound ecosystem. In: Proceedings of the 17th Privacy Enhancing Technologies Symposium, PETS 2017, pp. 95–112. DE GRUYTER (2017). https://doi.org/10.1515/popets-2017-0018
Acknowledgement
This work is supported by the ESCALATE project, funded by FWO and SNSF (G0E0719N), and by Cybersecurity Initiative Flanders (VR20192203).
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hellemans, W., Rabbani, M.M., Vliegen, J., Mentens, N. (2022). FOCUS: Frequency Based Detection of Covert Ultrasonic Signals. In: Meng, W., Fischer-Hübner, S., Jensen, C.D. (eds) ICT Systems Security and Privacy Protection. SEC 2022. IFIP Advances in Information and Communication Technology, vol 648. Springer, Cham. https://doi.org/10.1007/978-3-031-06975-8_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-06975-8_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-06974-1
Online ISBN: 978-3-031-06975-8
eBook Packages: Computer ScienceComputer Science (R0)