[tbb-bugs] #20214 [Applications/Tor Browser]: Ultrasound Cross Device Tracking techniques could be used to launch deanonymization attacks against some users

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 22 00:42:54 UTC 2016

#20214: Ultrasound Cross Device Tracking techniques could be used to launch
deanonymization attacks against some users
     Reporter:  VasiliosMavroudis         |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:  Tor: unspecified
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
 Emerging cross-device tracking technologies based on ultrasound could be
 used to fully deanonymize TOR users.

 Advertisers started using ultrasounds to link multiple devices owned by
 the same user (i.e., perform ultrasound cross-device tracking, uXDT). For
 this purpose, they release advertising frameworks that can be incorporated
 in apps (e.g., android apps). These frameworks listen for series of tones
 in the ultrasonic spectrum, and once one is detected, they report it to
 the advertiser's servers.

 It is easy to see how this could be exploited. The attacker sets up a
 hidden service playing such a beacon on the background and lures the
 victim to visit it using Tor browser. Once the victim loads the page, the
 tone is played through the speakers, and his/her phone picks the inaudible
 tone up and reports it to the advertiser's server. A state level adversary
 can then easily retrieve the Tor user's IP (and other unique identifiers)
 from the advertiser.

 Since the technology is emerging, we believe that taking action now rather
 than later would be preferable.

 One solution would be to filter-out all inaudible frequencies emitted by
 each visited webpage. We have developed such an extension for Chrome and a
 similar addon can be easily developed for the Tor browser. However, since
 there are similar tracking technologies using the audible spectrum: it may
 be a good idea to disable audio by default when using the Tor browser, or
 ask for user permission each time. In practice, this could be done by
 asking the user through popups, similarly to those used when requesting
 access to the user's location and the microphone.

 We would be happy to provide more details and/or help in the development
 of a countermeasure for the Tor browser.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20214>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list