
Quiet for Android – TCP over sound - adulau
https://github.com/quiet/org.quietmodem.Quiet
======
jzelinskie
Today I learned that you can actually abuse the system bus on some macbooks to
actually send audio over AM radio[0]. Even scarier, you can do it from the
browser[1]. And now this library[2] will let you open a TCP connection over
the radio to download off that data machine. This is shaping up to be a pretty
cool attack PoC!

[0]: [https://github.com/fulldecent/system-bus-
radio](https://github.com/fulldecent/system-bus-radio)

[1]: [https://fulldecent.github.io/system-bus-
radio](https://fulldecent.github.io/system-bus-radio)

[2]: [https://github.com/quiet/quiet-js](https://github.com/quiet/quiet-js)

~~~
opencl
Code running in your browser gaining a TCP connection seems like the least
scary use case of this possible- presumably it already has a TCP connection in
the first place.

~~~
pitaj
Could you possibly use the radio transmission to triangulate someone's
location?

~~~
jagger27
The range is quite low. If you can hear the radio you already know where it
is.

------
joshumax
For those of you interested, there was an app called Chirp by Animal Systems
that allowed you to transfer messages and shortcodes of hosted media content
over audible frequencies. Despite being rather ear-piercing each time a Chirp
was sent, it was still a very interesting principal. I remember reverse
engineering the protocol and error correction mechanisms (it was a varient of
the Reed-Solomon algorithm iirc) with a friend for a little household
"internet of things" that communicated over sound. I still have a few
temperature monitoring devices around the house that sing a little tune based
on the RE'd code every few hours to report back to my RasPi on home
temperature data.

Judging by the fact that this was in my GitHub stars list from about a year
ago, it looks like I was considering transitioning to something more open.
With the right encryption and error correction mechanisms I think this type of
technology could be really useful for short-range home iot communication.

~~~
pavel_lishin
Using something that sounds like bird calls - or something else that's
pleasant - to transmit data sounds like a pretty neat idea for a smart home.
It would expose the otherwise-invisible artificial ecosystem you're living in.

~~~
SimbaOnSteroids
Imagine your smart home ecosystem that sounds like the Amazon ecosystem. That
sounds like the kind of thing that would actually push me the extra edge to
wire my home up.

~~~
jhayward
Back in the mainframe days I spent many late nights in the machine room doing
systems janitor work. I could easily identify which workload was running, and
what phase, by the ambient noise of disk and tape drives.

I can imagine your house chirping and tweeting about, when suddenly you wake
from a deep sleep saying "what was that!" when some unusual pattern of sound
happens.

The pattern matching and decoding portions of our brain never, ever, stop
their efforts and are wired deeply in to the survival mechanisms we have.

~~~
rhizome
I once read that Brian Eno did an experiment about this. He recorded something
like 30min of outside noise in order to see if he could learn "how it goes,"
just like you learn how a piece of music goes. "Wind rustle, dog barks, more
wind, a horn honk, then the garbage truck goes by and a bottle falls out and
breaks," etc. It was a successful experiment.

~~~
jrickert
I had a similar personal experience. For years growing up I slept to a white
noise machine that played a 3-second recording of a mountain stream. I became
intimately familiar with the clip and could anticipate every trickle, the
changing pitches of different water droplets, and the length of the loop. I
can still conjure it from memory in great detail.

Intriguingly, on a single night I experienced some sort of hypnogogic auditory
hallucination that caused the sound to lose all familiarity. Instead, I
perceived the sound of a male singer arpeggiating rapidly. I found it highly
disturbing.

~~~
mgkimsal
never knew how to phrase it, but I've had that a couple of times in the past
few years. I've had to get really picky abouth the white noise sounds I listen
to. Eventually, almost all the loops become identifiable - I can tell when the
loop restarts, etc. I had two different loops (both of water sounds -
waterfalls, maybe? - iirc) that, at some point, started to register as human
voices, and it freaked me out more than a bit.

fwiw, the only thing that works well for me is masking any other sounds with a
mix of grey and brown noise on top. i use 'white noise app' to achieve this,
and it helps me get to sleep, masking out many other ambient disturbances
(road/car noises, mostly).

~~~
Epholys
For everything about noises, I highly recommend mynoise.net. It has a ton of
high quality sound generator which does not loop. If it is too monotonous, you
can automatically "animate" the sounds which modify continuously the sounds at
different frequencies.

------
brian-armstrong
Hey everyone, author of the library here.

There's a live JS demo of this you can try for yourself at
[https://quiet.github.io/quiet-js](https://quiet.github.io/quiet-js) which
demonstrates the audible and ultrasonic modes.

The JS version is compatible with the Android version. There's also iOS (
[https://github.com/quiet/QuietModemKit](https://github.com/quiet/QuietModemKit)
) and C ( [https://github.com/quiet/quiet](https://github.com/quiet/quiet) )
which interop as well.

The throughput you can get changes depending on conditions. Across a cable,
you can achieve about 64kbps. Across a short air gap, about 3-4 kbps. Across a
room, you can maintain 5 bps or so. There's no capacity negotiation/detection,
instead you preconfigure using a modem profile.

A good demonstration of Quiet's flexibility can be seen here
[https://quiet.github.io/quiet-profile-lab](https://quiet.github.io/quiet-
profile-lab)

~~~
MHammond
Do you have any recommendations for microphones suitable for desktop use?

------
sondh
Our team worked on a similar idea and the test phone speakers died pretty
fast, probably 2 out of 3 within a month. The cause may be (1) we over-
stressed them too much (2) they were cheap Samsung phones and (3) we used
frequency around 20kHz to avoid annoying human users (this library seems to
operate at 17+kHz at most). Our conclusion at the time was consumer speakers
and microphones are not good enough. Would love to hear whether Quiet has the
same issue.

~~~
jokoon
Funny, I say my cheap, 2 year old, $60 huawei phone die a couple of months
ago. At the end it was emitting weird sounds from its speaker. It would not
boot properly anymore.

------
the_mitsuhiko
I was always thinking that broadcasting high pitched audio signals would be an
awesome way to drive a companion website in a theater or museum. As you follow
the play subtitles advance or text for a painting comes up on your phone.

~~~
breatheoften
I’ve been wanting theaters to adapt a protocol like this to control the color
of light sources in the theater (row lights, emergency exit sign). Make all
those lights with color leds and let the color be controlled by signal
embedded in the audio track of the movie — then subtle mood lighting effects
would become an option for movie makers... would be fun for some movies — the
stars wars scene in the emperor’s thrown room comes to mind as a good example.

~~~
saganus
Maybe the law is very specific in the color and amount of light that emergency
signs and row lights are allowed to have?

I'm just speculating, but I don't remember the last time I saw a non-green
exit sign. I think I've seen them red but very seldomly.

Could that be something preveting such innovations?

I do agree however that it would probably be cool. Sometime ago I got a
lightpack (I think it was called?) from a kickstart project, that had a
similar effect but for your tv of computer monitor and it looked great.

~~~
auxym
> I'm just speculating, but I don't remember the last time I saw a non-green
> exit sign. I think I've seen them red but very seldomly.

In North America?

At least here in Canada, I see almost only red exit signs like this:
[http://www.mulelighting.com/product/E-StarSeries.jpg](http://www.mulelighting.com/product/E-StarSeries.jpg)

Only in new construction have I started seeing these green signs:
[https://lerablog.org/wp-content/uploads/2013/05/emergency-
ex...](https://lerablog.org/wp-content/uploads/2013/05/emergency-exit.gif)

~~~
saganus
In Mexico at least.

Now that I think about it, I do have seen red ones in Canada and the US.

In any case, it seems that it's a color chosen to comply with some law,
instead of just an arbitrary choice. In that sense I'm not sure if regulations
would let movie theaters (or other businesses) change the color.

~~~
breatheoften
I agree that there is probably a regulatory obstacle — i imagine its at least
theoretically possible to overcome and would be pretty cool!

------
amelius
Here's another idea: TCP over vibration. Put one phone on top of the other,
the bottom one in vibration mode, the other using its accelerometer to
receive.

~~~
mlevental
accelerometers are way too imprecise for that to work

~~~
TeMPOraL
How? A naive solution would use only "upwards acceleration" and "lack of
upwards acceleration"; phone accelerometers should be able to handle that
quickly enough to get _at least_ couple dozen bps.

~~~
perfmode
Yeah, you just need put a wide margin between "high" and "low" states. The
bitrate will be low, but it would work.

------
srikz
Google has a SDK called Nearby which is supported on iOS and Android. In the
first version only some sort of address / ID was exchanged using audio and
then the actual message was transferred using GCM, which meant an internet
connection was required. v2 apparently didn't need an online connection but
haven't tested it.

~~~
ehsankia
Their newest payment app in India, called Tez, also uses sound to secure
transactions I believe.

~~~
srikz
Yep, made by Google

------
ktpsns
For headless smallish servers (consumer hardware or SoC like Raspberry Pi) the
sound interface is awesome because it needs no additional hardware (as with
bluetooth + software stack) and almost all mentioned devices have a sound card
on board. I think it's not too hard to setup a getty instance in an old modem
fashion with this.

Additionally, as a client already a smartphone is suitable. This can be
helpful in weird situations (think of non-working network).

------
kbob
Dogs' hearing extends to 45 KHz. Cats hear up to 79 KHz. How do all these
ultrasonic audio systems affect them? Do they cause pain? Do they damage the
animals' hearing?

I won't (knowingly) use ultrasonic audio systems until I see some research on
this topic.

~~~
isostatic
Presumably the amplitude is no louder than normal speakers. 120db will be
dangerous to humans and dogs. 20db won't.

Listening to white noise isn't painful.

------
Normal_gaussian
Can someone with more knowledge expand on the bandwidth limitations here -
what are the hard limits for TCP/sound? Are the speeds here technically able
to improve marginally, significantly, or not at all?

~~~
cdoxsey
Sound can be used as part of a handshake process and then real communication
done over the internet:
[https://en.wikipedia.org/wiki/Interactive_Connectivity_Estab...](https://en.wikipedia.org/wiki/Interactive_Connectivity_Establishment)

~~~
amelius
That could be nice to setup/connect devices that don't have buttons and a
display. E.g. connecting a printer to a tablet, sending wifi passwords to the
printer. (At least, as long as nobody else is listening).

~~~
gambiting
Isn't that solved by RSA? Printer broadcasts its public key saying "hey,
printer here, send me the wifi password please". Your phone uses the printer's
public key to encrypt the wifi password and send it out. The attacker cannot
snoop on the key, because it doesn't have the printer's private key necessary
to decrypt the message.

~~~
Cyph0n
An attacker could still man in the middle the initial key handshake.

Printer: "Printer here, my pubkey is A"

Attacker (races phone): "Alright bro, I got it"

Attacker: "Printer here, my pubkey is B"

Phone: "Alright bro, I got it"

Phone: "Here is the WiFi password, encrypted with B"

Attacker: "Thanks!"

This example is pretty simplistic, but the idea still works even if there is
some form of authentication (e.g., challenge-response).

The way around this is to pre-share some sort of info to verify the
authenticity of any new incoming key.

For example, the user downloads a printer app on their phone that contains a
master pubkey. On the other side, the printer would have a device pubkey
_signed_ with the master private key. When the phone receives a new printer
message, it first veriffies the key signature to ensure that it actually came
from a legitimate printer.

If you can't get some sort of key onto the phone, your best bet is to perform
key exchange out of band. One common technique for phones is NFC: it requires
proximity, making the attack above difficult to execute.

~~~
zokier
> For example, the user downloads a printer app on their phone that contains a
> master pubkey. On the other side, the printer would have a device pubkey
> signed with the master private key. When the phone receives a new printer
> message, it first veriffies the key signature to ensure that it actually
> came from a legitimate printer.

To further increase security, the certificate (signed pubkey) presented should
also contain some unique per-device identifier (serial number or some PIN code
or something). Otherwise attacker could possibly extract keys from a similar
device to conduct the attack.

------
cocktailpeanuts
I see the library has both Android and iOS versions.

I have a question. Is this AppStore-safe? (As in "Is there a chance Apple or
Google may reject the app because it includes this feature?")

~~~
icebraining
Chromecast is already using it on their SDKs for Android and iOS apps (they
call it "audio tokens"):
[https://developers.google.com/cast/docs/guest_mode](https://developers.google.com/cast/docs/guest_mode)

------
SoulMan
Reminds me of Google's tez payment system (does over ultrasonic tough)

------
eecc
Oh imagine the world of exploit for IOT... the drive-by remote 0wns, beauty

------
codazoda
I wonder if this would work over radio such as Ham or Two-Way.

~~~
th0ma5
For low power stuff in amateur radio check out WSPR and FT8.

------
ramshanker
Hammmm. IT Need to disable all audio drivers now?

