back to article Welcome to your sci-fi dystopia: Sonic firewalls to crumble inaudible ad-tracking phone cookies

Boffins in Austria have developed a defense against acoustic cookies, a form of ad tracking by which smartphones can send and receive data using sounds people can't hear. App developers can implement ultrasound data transfer on their own or using various SDKs, such as XT Audio Beacons or Lisnr, or the Google Nearby API. ads …

  1. AMBxx Silver badge

    Someone explain please

    I thought that all the popular audio compression methods removed anything that humans couldn't hear to save bandwidth?

    1. AustinTX

      I've always felt uncomfortable with this statement

      Sonic cookies are not anything like playing MP3s. The sounds are being generated directly by the offending apps. There's no compression process because that's an unrelated thing pertaining to saving storage space.

    2. Lee D Silver badge

      Re: Someone explain please

      Someone please explain why you can't just put a filter on the speaker that will filter out inaudible sounds anyway. Why would you WANT inaudible sounds to play? Surely that's just EM interference, power usage etc. that you don't need.

      I imagine, what, a single inductor/cap of the right value would filter those sounds right out of playing anyway?

      1. Anonymous Coward
        Anonymous Coward

        Re: Someone explain please

        Most likely because the frequency that can be played by a speaker are not discrete values that can be switched on and off separately. Applying a filter on inaudible frequencies is likely to distort audible ones.

        And of course, there's the meatspace issue: what's audible for some human beings is not for others, so it's not like you could just apply a one-size-fits-all filter.

      2. Mage Silver badge

        Re: Someone explain please

        It's not exactly ultrasonic:

        1) The source (not usually the phone) often can playback more than 18KHz to 19kHz, the Nyquist limit on speaker source is 24kHz for 48KHz samples and 22kHz for 44KHz.

        Few people can hear above 16KHz, almost no adults. So likely the "cookies" are between 16KHz and 18KHz, to be inaudible to most people and pass through the post DAC low pass filter.

        The electret microphone is is used by the spying app on phone (or possibly even Android TV, Echo etc). I've tested small ones and they do reduce output after 20KHz due to self capacitance. They do pick up 40KHz true Ultrasonic transmitters and may work to over 60KHz.

        The Spying App has to use the onboard ADC, which will typically sample at 48KHz, thus anything above 24KHz will alias. Likely there is SOME analogue filtering in from of ADC or else 40KHz "rodent" controller (they might annoy dogs and Guinea pigs but no evidence they deter rats & mice) would cause a 8KHz whistle, as the aliasing is like multiplicative mixing.

        So it's likely these are 16KHz to 18kHz band. I have a suitable microphone sensor and a spectrum analyser. Anyone tell me where I can hear them?

  2. Blockchain commentard Silver badge

    Goodbye battery life.

  3. Anonymous Coward
    Anonymous Coward

    Wonder if dogs and cats will react unfavourably - like they were reputed to do with ultrasonic TV remote controls.

  4. Chris G Silver badge

    Where there's a way, there's a will

    To abuse it.

    So far I have found no need to use voice to turn on or otherwise control my phone, I have voice control disabled and no permissions granted except for my camera app.

    There are too many solutions for nonexistent problems, it seems a lot of usability and apps are designed from the outset for abuse.

    1. IT Hack

      Re: Where there's a way, there's a will

      Lazy devs. Or devs who have been badly trained. Or devs who don't give a fuck.

      I am sure management has some input into this as well.

  5. chivo243 Silver badge

    Click bait

    Here I thought there was something new in Sonic Firewalls from Dell... You do know there is a product called a Sonic Firewall?

    1. Sandtitz Silver badge

      Re: Click bait @chivo

      "Here I thought there was something new in Sonic Firewalls from Dell... You do know there is a product called a Sonic Firewall?"

      When using the Pedantic grammar nazi alert icon you really should double-check your facts.

      a) the firewall brand is Sonicwall

      b) Dell sold the Sonicwall business couple years ago


  6. Sorry that handle is already taken. Silver badge
    Big Brother


    Rockets landing on their tails are cool enough but on balance I hate this "future". Stop the train, I want to get off.

    1. Pascal Monett Silver badge

      Re: JTFC

      I never use my phone for anything else than actually talking to people. I don't download apps and I barely use any of the ones provided out-of-the-box.

      Of course, if actual permission granularity was provided in the phone OS by default, maybe I'd venture a bit forward in this domain. As it is, I consider phones and app stores to be a nest of vipers waiting to strike at my privacy.

      1. Chris G Silver badge

        Re: JTFC

        @ Pascal

        You will be surprised how many out-of-the-box apps are enabled and the permissions they already have, it's worth checking.

      2. iron Silver badge

        Re: JTFC

        " if actual permission granularity was provided in the phone OS by default"

        If you actually knew how to use your phone you would find it is. Doesn't even matter which OS you prefer, both have had individual permissions for apps for a couple of years now and you can even continue to use most apps with a less than complete set of the permissions they request.

        1. Steve Gill

          Re: JTFC

          But the permissions definitions used are far too wide ranging and nowhere near granular enough to have any control over them.

  7. Anonymous Coward
    Anonymous Coward

    The elephant in the room...

    ...why do we even need this technology?

    Stop mics and speakers working over 25khz.


    1. Mage Silver badge

      Re: The elephant in the room...

      "Stop mics and speakers working over 25khz."

      It's dubious that they use over 21KHz (22.05 or 24kHz Nyquist limits)

      You'd have to limit them to 12KHz to be sure older people can't hear. A bit less than FM Radio.

      Most people can't hear above 16KHz to 18KHz.

      HiFi people would be upset.

  8. Anonymous Coward
    Anonymous Coward

    No...the customer is not always correct...the customer is always being expoited!


    And here we have yet another technical exploit implemented to exploit paying customers...behind their backs. I wonder who benefits....certainly not the customer - who doesn't even know it's going on.


    Welcome to the future.

    1. Chris G Silver badge

      Re: No...the customer is not always correct...the customer is always being expoited!

      Smart phones and the IoT are definitely going to continue in this direction until the World in general gets smart enough to slap them down, I won't be holding my breath waiting for that event.

      The consumer is not only the product but they have to pay for it too.

  9. Chozo


    What next, phones & TV's without an Off switch? .... oh wait

  10. mark l 2 Silver badge

    So some apps can listen to what adverts are showing on my TV/Radio, what use is this to the app developer? TV/radio ads are linear and therefore everyone watching that channel or listening to that station gets the same ads.

    1. herman Silver badge

      It reminds me of Spamradio, which was a joke project to automatically read spam.

    2. Chronos Silver badge

      They know which channel you're watching, what is playing on that channel and it gives them a further interest to add to your profile. If the TV is "smart" they could also possibly get a rough, WiFi derived location from the exchange. You're not thinking like an ad-flinger.

      Filter ultrasound on the handset;

      Add _nomap to your SSID;

      Firewall the "smart" TV by MAC.

      Or just forget all this nonsense and read a (real) book.

  11. Chronos Silver badge

    App schmapp...

    I've had a variant of this patch in my custom Nougat build for about a year now. Oreo seems to break it but I'm sure I'll get around to finding out why when Oreo is stable on my device.

  12. drwesty

    Personally I shield myself with a small cluster of bats. This also has the added benefit that nobody can make any building alterations around me without a bat survey.

    Actually I think there’s something here for me and my bats.


    Buffer Overflow By Bat

    So you need to identify a vulnerability in the ultrasound message parsing code in the application, develop an exploit for it, and then train your bats to go out and deliver the payload to unsuspecting day walkers.

    All I need now is a suitable logo!

    Oh, and bats. Definitely need bats.

    1. onefang Silver badge

      You should check your belfry, I think you lost a few.

      1. VikiAi Silver badge

        Because you're !Batman! ?

  13. TRT Silver badge

    Acoustic cookies?

    You mean audible air biscuits?

  14. Anonymous Coward
    Anonymous Coward

    I'll have to add this to my list

    I'm working on a simple scanner using YARA based rules to check apps for embedded Facebook API's and hashes/keywords I've pulled from my growing list of malicious apps.

    I have a copy of the original SuperFish demo app to work with.

  15. CommanderGalaxian

    We might not be able to hear the ultrasonic beacons, but...

    Think of the cats and dogs. As these things and their countermeasures become more common, it's going to get pretty miserable for our pets.

  16. DrM
    Big Brother

    Ah ha!

    Now I know why my pet bat Eric didn't like the smartphone I got him.

  17. x 7

    I can see the BBC using this technology to match TV licences to users and geographic location

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019