Ultrasound Cross Device Tracking techniques could be used to launch deanonymization attacks against some users
Emerging cross-device tracking technologies based on ultrasound could be used to fully deanonymize Tor users.
Advertisers started using ultrasound to link multiple devices owned by the same user (i.e., perform ultrasound cross-device tracking, uXDT). For this purpose, they release advertising frameworks that can be incorporated in apps (e.g., Android apps). These frameworks listen for a series of tones in the ultrasonic spectrum, and once one is detected, they report it to the advertiser's servers.
It is easy to see how this could be exploited. The attacker sets up a hidden service playing such a beacon in the background and lures the victim to visit it using Tor Browser. Once the victim loads the page, the tone is played through the speakers, and his/her phone picks the inaudible tone up and reports it to the advertiser's server. A state-level adversary can then easily retrieve the Tor user's IP (and other unique identifiers) from the advertiser.
Since the technology is emerging, we believe that taking action now rather than later would be preferable.
One solution would be to filter out all inaudible frequencies emitted by each visited webpage. We have developed such an extension for Chrome and a similar addon can be easily developed for the Tor Browser. However, since there are similar tracking technologies using the audible spectrum, it may be a good idea to disable audio by default when using the Tor Browser, or ask for user permission each time. In practice, this could be done by asking the user through popups, similarly to those used when requesting access to the user's location and the microphone.
We would be happy to provide more details and/or help in the development of a countermeasure for the Tor browser.
Trac:
Username: VasiliosMavroudis
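
The filtering countermeasure proposed in this report, shown as an added example that is not the reporter's Chrome extension or Tor Browser code: a low-pass filter removes the ultrasonic component of a page's audio, and a Goertzel detector confirms that the audible content survives. The 48 kHz sample rate, the 18-20 kHz beacon band, the 17 kHz cutoff and all function names are assumptions, and the input signal is constructed.

```javascript
// Added example. Assumptions: 48 kHz audio, beacon band 18-20 kHz, 17 kHz cutoff.
const RATE = 48000;

// Goertzel: amplitude of a single frequency component in a block of samples.
function toneAmplitude(samples, freq, rate = RATE) {
  const coeff = 2 * Math.cos(2 * Math.PI * freq / rate);
  let s1 = 0, s2 = 0;
  for (const x of samples) { const s0 = x + coeff * s1 - s2; s2 = s1; s1 = s0; }
  const power = s1 * s1 + s2 * s2 - coeff * s1 * s2;
  return 2 * Math.sqrt(Math.max(power, 0)) / samples.length;
}

// Strongest component in the assumed beacon band, scanned in 100 Hz steps.
function ultrasonicPeak(samples, rate = RATE) {
  let peak = 0;
  for (let f = 18000; f <= 20000; f += 100) peak = Math.max(peak, toneAmplitude(samples, f, rate));
  return peak;
}

// Windowed-sinc (Blackman) low-pass FIR kernel with unity gain at DC.
function lowPassKernel(cutoff, taps = 101, rate = RATE) {
  const fc = cutoff / rate, m = taps - 1;
  const h = Array.from({ length: taps }, (_, n) => {
    const k = n - m / 2;
    const sinc = k === 0 ? 2 * fc : Math.sin(2 * Math.PI * fc * k) / (Math.PI * k);
    const win = 0.42 - 0.5 * Math.cos(2 * Math.PI * n / m) + 0.08 * Math.cos(4 * Math.PI * n / m);
    return sinc * win;
  });
  const gain = h.reduce((a, b) => a + b, 0);
  return h.map(v => v / gain);
}

// Convolve and drop the start-up transient so only steady-state output remains.
function stripUltrasound(samples, cutoff = 17000) {
  const h = lowPassKernel(cutoff);
  const out = [];
  for (let i = h.length - 1; i < samples.length; i++) {
    let acc = 0;
    for (let j = 0; j < h.length; j++) acc += h[j] * samples[i - j];
    out.push(acc);
  }
  return out;
}

// Constructed input: 1 kHz audible tone (0.5) plus a 19 kHz beacon-like tone (0.2).
const page = Array.from({ length: 4900 }, (_, n) =>
  0.5 * Math.sin(2 * Math.PI * 1000 * n / RATE) + 0.2 * Math.sin(2 * Math.PI * 19000 * n / RATE));
const raw = page.slice(100), clean = stripUltrasound(page);
console.log(ultrasonicPeak(raw).toFixed(3), ultrasonicPeak(clean).toFixed(5), toneAmplitude(clean, 1000).toFixed(3));
```

A filter of this kind only addresses the inaudible band; the audible-spectrum tracking mentioned in the report is untouched by it, which is why the report also proposes disabling audio by default or prompting the user.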