Boffins blast beats to bury secret sonar in your 'smart' home
Your Amazon Echo could live a double life as an echo-location device
Researchers at the University of Washington have devised a way of conducting surreptitious sonar surveillance using home devices equipped with microphones and speakers.
The technique, called CovertBand, looks beyond the obvious possibility of using a microphone-equipped device for eavesdropping. It explores how devices with audio inputs and outputs can be turned into echo-location devices capable of calculating the positions and activities of people in a room.
In a paper [PDF] titled "CovertBand: Activity Information Leakage using Music," Rajalakshmi Nandakumar, Alex Takakuwa, Tadayoshi Kohno, and Shyamnath Gollakota describe a way to transmit acoustic pulses in the 18‑20 kHz range, masked by music, from the speaker and tracking sound reflected by the human body using microphones.
"Our implementation, CovertBand, monitors minute changes to these reflections to track multiple people concurrently and to recognize different types of motion, leaking information about where people are in addition to what they may be doing," the paper explains.
Sounds of 18‑20 kHz are within the range of human hearing for some people. What's more, the speakers of home devices tend to create audible harmonics when playing sounds at this frequency.
To conceal the sound signals, the researchers propose a compromised media app that plays music to cover sonar pings. They suggest that a malicious advertising library would be a suitable vehicle for implementing this capability.
Not all songs work equally well to hide the attack. Songs with lots of percussion proved the most effective at masking sonar pulses, according to the paper.
The researchers tested CovertBand in five homes in the Seattle area and were able to demonstrate that they could identify the position of multiple individuals through barriers.
"These tests show CovertBand can track walking subjects with a mean tracking error of 18cm and subjects moving at a fixed position with an accuracy of 8cm at up to 6m in line-of-sight and 3m through barriers," the paper says.
CovertBand is one of several potential mechanisms for tracking people's location using sound, including frequency-modulated continuous-wave radar, software-based radios, Wi-Fi signals, gesture sonar, and acoustic couplers attached to walls. The authors suggest their approach has the advantage of working with off-the-shelf hardware.
There are a number of possible defenses, such as soundproofing, high-frequency jamming, and countermeasures involving smartphone apps or a Raspberry Pi with a mic. But, the researchers explain, these assume that a victim is aware of the risks and is taking steps to mitigate them.