deanonymize Tor users by making nearby phones or computers send identity beacons back to advertisers, data which contains sensitive information that state-sponsored actors can easily obtain via a subpoena.
This attack model was brought to light
towards the end of 2016 by a team of six researchers, who presented
their findings at the Black Hat Europe 2016 security conference in November and the 33rd Chaos Communication Congress
held last week.
Their research focuses on the science of ultrasound
cross-device tracking (uXDT), a new technology that started being
deployed in modern-day advertising platforms around 2014. uXDT relies on
advertisers hiding ultrasounds in their ads.
When the ad plays on a TV
or radio, or some ad code runs on a mobile or computer, it emits
ultrasounds that get picked up by the microphone of nearby laptops,
desktops, tablets or smartphones.
These second-stage devices, who
silently listen in the background, will interpret these ultrasounds,
which contain hidden instructions, telling them to ping back to the
advertiser's server with details about that device.
Advertisers use uXDT
in order to link different devices to the same person and create better
advertising profiles so to deliver better-targeted ads in the future.