Home / Series / Chaos Communication Congress / Aired Order / Season 33 / Episode 104

Talking Behind Your Back

Speakers: Vasilios Mavroudis, Federico Maggi In the last two years, the marketing industry started to show a fast increasing interest in technologies for user cross-device tracking, proximity tracking, and their derivative monetization schemes. To meet these demands, a new ultrasound-based technology has recently emerged and is already utilized in a number of different real-world applications. Ultrasound tracking comes with a number of desirable features (e.g., easy to deploy, inaudible to humans), but alarmingly until now no comprehensive security analysis of the technology has been conducted. In this talk, we will publish the results of our security analysis of the ultrasound tracking ecosystem, and demonstrate the practical security and privacy risks that arise with its adoption. Subsequently, we will introduce some immediately deployable defense mechanisms for practitioners, researchers, and everyday users. Finally, we will initiate the discussion for the standardization of ultrasound beacons, and outline our proposed OS-level API that enables both secure and effortless deployment for ultrasound-enabled applications. This talk will present the outcomes of the first comprehensive security study on the ultrasound tracking ecosystem. This ecosystem remained almost unknown to the general public until recently, when a newly-founded company faced the nemesis of the security community and the regulators (e.g., the Federal Trade Commission) for its controversial tracking techniques. However, there are many more “traditional players” using ultrasound tracking techniques for various purposes, raising a number of levels of security and privacy issues with different security and privacy models. In general, the main advantage of the ultrasound technology compared to already existing solutions is that it does not require any specialized equipment (unlike wifi and bluetooth), while it remains inaudible to humans. For this reason, the technology is already utili

English
  • Originally Aired December 29, 2016
  • Runtime 60 minutes
  • Production Code 8336
  • Created December 28, 2016 by
    Administrator admin
  • Modified December 28, 2016 by
    Administrator admin