Android’s Vampire Bat Apps are listening to your life through ultrasonic beacons

Pierluigi Paganini May 08, 2017

Researchers at Technische Universität Braunschweig published a study on 200+ Android mobile apps that are listening to your life through ultrasonic beacons.

Researchers at Technische Universität Braunschweig in Germany recently published a finding that over 200 Android mobile applications are listening to your life through ultrasonic beacons.

Like digital electronic vampire bats, these apps listen for ultrasonic beacons; the data is then used to track users and serve them targeted advertising.

Basically, software developers have teamed up with advertisers to have your phone pick up sounds broadcast inside stores, on TV and via the Internet. The ultrasonic beacon sounds vibrate at 18,000 to 20,000 times a second, which is well above the hearing of most people. These beacon sounds are monitored covertly by the Android phone applications, which then transmit the results to the developer, who in turn sells the information that you were in a specific store, or watching the tagged ad on TV or the Internet.
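To check whether a recording made in a shop or of a broadcast carries a tone in this range, you can compare its energy between 18 and 20 kHz with a nearby quiet band. The following is an added example, not part of the original article: it applies the Goertzel algorithm to constructed test signals, and the 48 kHz sample rate, the 14 to 16 kHz reference band and the threshold ratio are assumptions.

```python
import math
import random

RATE = 48000                     # sample rate in Hz; must exceed 40 kHz to capture 20 kHz
BEACON_BAND = (18000, 20000)     # range given in the article
REFERENCE_BAND = (14000, 16000)  # assumed quiet band used as a noise baseline


def goertzel_power(samples, freq, rate=RATE):
    """Power of `samples` at a single frequency (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def band_peak(samples, band, step=100):
    """Strongest single-frequency power found while stepping through a band."""
    low, high = band
    return max(goertzel_power(samples, f) for f in range(low, high + 1, step))


def has_beacon(samples, ratio=50.0):
    """True when the 18-20 kHz band stands well above the reference band."""
    reference = max(band_peak(samples, REFERENCE_BAND), 1e-9)
    return band_peak(samples, BEACON_BAND) > ratio * reference


def synth(beacon_hz=None, n=4800, seed=1):
    """Constructed test signal: a 440 Hz tone plus faint noise, optional beacon."""
    rng = random.Random(seed)
    out = []
    for i in range(n):
        x = 0.8 * math.sin(2 * math.pi * 440 * i / RATE) + rng.gauss(0, 0.01)
        if beacon_hz:
            x += 0.05 * math.sin(2 * math.pi * beacon_hz * i / RATE)
        out.append(x)
    return out


if __name__ == "__main__":
    print("room only:  ", has_beacon(synth()))
    print("with beacon:", has_beacon(synth(18500)))
```

A recording sampled below 40 kHz cannot contain these frequencies at all, so a negative result on such a file says nothing about the room.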

The process is relatively simple by programming standards. The covert surveillance software is embedded into popular programs such as coupon offers, games or text message systems offered for free by various organizations. The first time you run the program, it embeds an endless loop called a “service”, so the surveillance portion is always running even when you are not using the app or have restarted your phone. The surveillance software is also keyed to listen for specific frequencies of sound and, when it detects that sound, will transmit that information via a hidden internet link.

The technology and design employed by the app developers are similar in format to those used by the US Central Intelligence Agency (CIA) for surveillance, as revealed by Wikileaks in their VAULT7 publications. Companies caught using these apps so far include the Philippines versions of McDonald’s and Krispy Kreme. The German researchers also found that four local retail stores had ultrasonic beacons installed, designed to trigger any listening cell phone.

“It was really interesting to find beacons at the entrance of some stores in two German cities,” says Erwin Quiring, a privacy researcher who worked on the study. “It affects all of us if there’s some kind of privacy invasive technique we don’t know about and which runs silently on phones.”

The applications, most of which are available on the Google Play Store, have not informed customers that they are being monitored and may continue to monitor them even after the app is uninstalled. The app developers, companies and advertisers involved are clearly in violation of the privacy agreement for posting on Google Play, which requires developers to “comprehensively disclose how an app collects, uses and shares user data, including the types of parties with whom it’s shared.”

Google has not commented publicly on whether it intends to pursue the developers for their privacy violations. Under Google policy, the developers and the advertising corporations may be prohibited from using the Play store, but a similar privacy violation by Uber against Apple only resulted in a quiet scolding and an apology. It is unlikely that Google will banish large corporations such as McDonald’s for breaking privacy requirements with surveillance apps distributed by the Play Store.

The researchers were able to focus their attention on one particular provider named Silverpush, which now claims that it has disabled the tracking features in its applications. However, the data shows that tracking apps developed with the Silverpush implanted covert surveillance technology have been downloaded more than 2 million times from Google Play.

Phone owners have few options when it comes to defending against this surveillance.  The most effective is to closely inspect your applications using the SETTINGS menu.  Each application has a permissions list which will show if they are allowed to record audio.

A hint to newbie users here: if you download a free flashlight app and it has audio recording permissions, it is doing more than turning your cellphone light on or off.
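The same permission check can be run over every installed app at once from a computer. The following added example (not from the original article) parses text in the layout printed by `adb shell dumpsys package` and flags apps that hold the microphone permission, marking those that also request start-at-boot and network access; the sample output and its package names are constructed.

```python
import re

MIC = "android.permission.RECORD_AUDIO"
BOOT = "android.permission.RECEIVE_BOOT_COMPLETED"   # can restart after a reboot
NET = "android.permission.INTERNET"                  # can send data out
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.\w+)(?::\s*granted=(true|false))?")

# Constructed sample in the `dumpsys package` layout; package names are made up.
SAMPLE = """\
Package [com.example.flashlight] (1a2b3c):
  requested permissions:
    android.permission.INTERNET
    android.permission.RECEIVE_BOOT_COMPLETED
    android.permission.RECORD_AUDIO
  runtime permissions:
    android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
Package [com.example.recorder] (4d5e6f):
  requested permissions:
    android.permission.RECORD_AUDIO
  runtime permissions:
    android.permission.RECORD_AUDIO: granted=true
Package [com.example.notes] (7a8b9c):
  requested permissions:
    android.permission.RECORD_AUDIO
  runtime permissions:
    android.permission.RECORD_AUDIO: granted=false
"""

def parse_dumpsys(text):
    """Map each package to the permissions it requests and currently holds."""
    apps, current = {}, None
    for line in text.splitlines():
        pkg, perm = PKG_RE.match(line), PERM_RE.match(line)
        if pkg:
            current = apps.setdefault(pkg.group(1), {"requested": set(), "granted": set()})
        elif perm and current is not None:
            current["requested"].add(perm.group(1))
            if perm.group(2) == "true":          # install or runtime grant
                current["granted"].add(perm.group(1))
    return apps

def audit(text):
    """Return {package: finding} for every app that holds the microphone."""
    return {
        name: "mic+boot+network" if {BOOT, NET} <= p["requested"] else "mic only"
        for name, p in parse_dumpsys(text).items() if MIC in p["granted"]
    }
```

An app listed as `mic+boot+network` is not necessarily a tracker, but it has the three capabilities the article describes, so it is the first one to review or uninstall.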


To demonstrate how easy it is to develop and use such a surveillance system, we put together a card game program that has a secret listener hidden inside it. The demonstration Black Jack program does not perform the “service” installation; it only records 1 time after the game is started and stops when a player selects the “HIT” option. The output is written to a file in MP4 format and stored openly on the external SD card under the name “BJ(date/time).mp4”. The source code and signed Android APK run file are included in a zip file with a SHA256 check at:

https://www.softwar.net/blackjack.html

The differences between the demonstration program and the operational ultrasonic surveillance app systems are:

  • 1 – Game demo does not install as a “SERVICE” so only runs when app is in use.
  • 2 – Game demo does not have a special listener to detect ultrasonic beacon sounds.
  • 3 – Game demo does not have a transmit feature to send data back to a controller.
  • 4 – Game demo stores the recorded sound locally in a mp4 file so you can examine it.

However, as the demonstrator quickly shows, a surveillance application designed to pick up sound does not limit itself to just ultrasonic beacons but can pick up all sounds.  The ultrasonic beacon detection has to be programmed into the system to filter out other sounds.  While companies that employ this kind of targeting state they did not listen to conversations – the potential is there to re-transmit your conversations to a controller just as the CIA versions do.

All that is required is to remove the code filtering out the ultrasonic beacon sound, and insert a routine to transmit all the sounds that are picked up.  The end program would resemble a hidden one-way ISP phone service with everything within detection being relayed in real-time, or stored for later downloading if the phone is outside the range of an internet connection.

In addition, other information such as your phone number, GPS location and even proximity to the nearest beacons can be pinpointed by advertisers, who then market to you as if they were a salesman in your pocket, or by others who can abuse this technology. When combined with GPS location and even video surveillance, your cell phone becomes a major threat not only to your privacy but to your personal security as well.

The question for phone makers, owners, and government officials is exactly what are we all going to do about this?  Phone makers can do a better job showing what powers each application is using and how the consumer can limit them.  Owners can actually take the time to be more cautious; observing that Caveat emptor – “Let the buyer beware” – applies to free downloaded applications.  Finally, government officials may want to consider new regulations on the use of such surveillance technology for marketing purposes.

About the author: Charles R. Smith is CEO of Softwar Inc., a US-based information warfare company, and a former national security journalist.

https://www.softwar.net

 

 


(Security Affairs – ultrasonic beacons, mobile)
