
33c3: Talking Behind Your Back [video] - beardog
https://media.ccc.de/v/33c3-8336-talking_behind_your_back
======
ChuckMcM
I really enjoyed this talk. It relies on your smart phone being able to pick
up the ultrasonic beacon and return it to the server to tell them you're
there. And it feels a lot like the IMEI sniffing trash bins[1]. I guess there
will be a market for a small ultrasonic 'fuzzer' device which degrades the
beacons.

[1] [http://www.independent.co.uk/life-style/gadgets-and-
tech/new...](http://www.independent.co.uk/life-style/gadgets-and-
tech/news/updated-londons-bins-are-tracking-your-smartphone-8754924.html)

~~~
probablybroken
Or just a lowpass filter in the signal path ( assuming you can get access to
this ).

~~~
TeMPOraL
Makes me wonder, how much data one could fit in the audible spectrum without
humans being able to hear it, using ultrashort pulses and/or some clever
algorithms?

------
Fnoord
This is why you want capability-based security. If there's loads of speakers
which are freely used by applications (lacking capability-based security), you
can just use capability-based security on the microphones. That'd only work if
you can control the devices though; so only on your own home.

On Android you can check which applications want access to microphone since
5.0 or 5.1 and the capability-based design during runtime works since 6.0. On
macOS, it also works, and there's Micro Snitch which notifies the user when
the microphone is active. Its from the same makers as Little Snitch. Its
pretty basic; e.g. if you use Siri the log won't really tell much about which
applications did use it.

~~~
dorian-graph
There's Oversight [1] and Little Flocker [2] from Objective-See which can tell
you if something is attempting to user the microphone or webcam, and allow you
to block it if you'd like.

[1] [https://objective-see.com/products/oversight.html](https://objective-
see.com/products/oversight.html)

[2] [https://www.littleflocker.com/](https://www.littleflocker.com/)

------
lucb1e
Previous discussion:
[https://news.ycombinator.com/item?id=13290378](https://news.ycombinator.com/item?id=13290378)

3 comments, 3 days ago, 19 points.

~~~
beardog
Damn, I did a search but I missed it. Sorry.

~~~
lucb1e
It's not criticism! As far as I know it's not against the rules to re-post. I
just remembered seeing it before and thought I'd link to other comments people
previously made.

