Internet privacy and security course
About translation
Previous Next

Chapter 69

Cross-device tracking. Deanonymization of users of Tor, VPN, proxy using sound beacons

Cross-device tracking is a type of attack that represents the ability to track a user through multiple devices as the same time. This is an old dream of marketologists, but not only they liked this technology, it appeared to be effective in deanonymizing cybercriminals who use Tor, VPN and proxy to hide the real IP address.

In this chapter, I will talk about sound beacons, which is a very dangerous attack such as cross-device tracking, which allows one to deanonymize VPN, Tor or proxy users, even if the latter do everything correctly. You do not need to wander into the jungle of technical knowledge, you need to understand only the principle of its work and methods of protection.

You must have come across sociological surveys when they call you home and ask if someone is watching television now and if so, specify which channel. Thus, for example, 1000 people are rung over and the percentage ratio is calculated. Channels need this in order to, firstly, understand the interests of the audience, and secondly, to understand the coverage, which is important for selling ads.

It is also important for marketologists to select the time they order advertising more accurately and to estimate the amount of views of the ordered advertising more accurately as well. However, this method of obtaining the data has a high error chance and relatively low coverage.

Imagine that your voice assistant in your phone, which, as you probably could see, understands live speech perfectly well, will intercept the perimeter and determine which channel you are currently watching. To do this, advertising on the channel will contain phrases-beacons (for example, there will be “commercials on the First Federal”), which the phone catches, and then sends information to the server that you are currently watching a particular channel or are listening to a precise radio station.

This is a cheap and effective technology, but engineers want to make it even better and use sound signals that a human hearing system is unable to recognize. Based on the speeches, engineers have succeeded quite well in it. But we are not a marketing course, and this technology interests us exclusively as a tool for deanonymization.

The site was opened and the hacker was revealed

Imagine yourself as a very dangerous hacker, wanted by the FBI. You go to a trap site, specially prepared to catch you. This site is absolutely harmless, it will not arrange any attacks, it may even be a page of a popular site, the owner of which, together with the FBI, will create it for you.

You are surfing the site calmly, you can’t be hacked with a simple attack, you thought well about security and use Whonix. This is really a very good defense against active deanonymization methods. And then you visit the site and hear the sound, but nothing suspicious and dangerous happens. Even if you suspect something and close the site, nothing will change.

This sound is heard by your phone, and for the one it is a signal. Suppose a voice assistant developer on your mobile device or one of the applications that has access to the microphone is coworking with the FBI. Data on the receipt of the signal will be immediately transmitted by the device to the server along with the coordinates and the IP address.

Well, you do have Whonix on your computer, but it is unlikely that your phone is equally secure. You did everything right, just not everything was taken into account. If you ever need a laptop with maximum security, you need to turn off the sound, better with a soldering iron, but you can also use the settings menu. We have already given a similar recommendation in the chapter on another threat, like interception via dynamics and speakers.

 

Tip

When setting the maximum anonymity, turn off the speakers, it would be better to do this at the wire level.

The second advice you will enjoy less, if you are Edward Snowden and you are actively being looked for by the FBI, you should abandon the smartphone. Use a simple push-button telephone or a special security-oriented phone with very limited functionality and a list of installed applications. The same goes for the tablet.

 

Tip

Give up your smartphone or use special security-oriented devices.

And if you are a simple user and want to customize your security without irreversible loss of sound, in the chapter on browser configuration, we will set up the restriction of playing sounds. Although this is a basic but reliable protection against deanonymization with the help of sound beacons.

 

Tip

Adjust the restriction of playing sounds in the browser.

Why is this attack so effective

As a rule, deanonymization involves obtaining a genuine IP address, and it is difficult to identify an individual by an IP address, especially if the cybercriminal is in another country.

In the case of cross-device tracking, the phone can send all the information opened, since the coordinates, the phone number, the contacts in the address book, the Google / Apple account, the call history / SMS, and the list of used Wi-Fi are more than enough for identification.

Does the method of deanonymization work with sound beacons?

Yes, it does. Using this link, you can see a demonstration of deanonymization of a user of Tor using cross-device tracking, and in this case sounds that are not hearable to the human ear are used.

Previous
7033
Next