If your smartphones, tablets, smart refrigerators, smart TVs, and other intelligent devices are smart enough to make life easier, your intelligent behavior could also be exploited by CovertBand Attack to steal data, invade your privacy or spy on you, If it does not properly secure.
Such an experiment was recently conducted by a team of hacker students demonstrating a new attack method to convert intelligent spy devices that could track every movement, including the inference of sexual activity.
The CovertBand Attack was developed by four researchers at the University of Washington, Paul G. Allen School of Computer Science and Engineering, and is so powerful that it can record what a person is doing through a wall.
Tracking system CovertBand attack uses built-in microphones and loudspeakers, which are found in smartphones, laptops, tablets, smart assistants and other smart devices such as receivers to capture reflected sound waves and motion control of anyone near the audio source.
Here’s how CovertBand Attack works:
The approach involves the intelligent remote seizure attack to play embedded with repetitive impulses that trace the location of musical devices, body movements, and activities close to the device and through the walls.
To do this, the first makeup aggressor victims install a third-party Android app on the smart device that does not require typhus.
Once installed, the malicious application uses AudioTrack API secretly to reproduce 18-20 kHz audio signals and to mask this high-frequency sound, the “covered” Covertband attack pulsed song application or other audio clips acting as a Sonar.
These sound waves then bounce objects and people, which is picked up by a microphone.
Subsequently, the application uses audio record APIs to record signals simultaneously on two microphones for 2D detection. Recorded data is received by the attacker on a laptop computer via Bluetooth for offline processing.
Since attack requires access only to a loudspeaker and a microphone, an attacker could use a lot of intelligent devices that already exist in the victim’s house to spy on unknown targets.
“A remote opponent who commits one of these [intelligent] devices, perhaps through a Trojan application in an app store or remotely, could use our methods to collect remote information on an individual’s home activities. Such an attack, “the researchers said.
For example, a voice streaming application has all the permissions (of speaker and microphone) needed to perform our example Ataque.Por, an attacker could use the built-in library advertisement within a music application To determine if the user is near the phone when an ad is played. ”
CovertBand Attack Video Demo
The researchers have shown how the CovertBand attack could potentially allow an aggressor to distinguish between different types of people’s movements, even when they are in different body positions and orientations.
Researchers specifically experiment with two types of movements:
Linear Movement – When the subject moves in a straight line.
Periodic motion – When the subject stays roughly the same position (lying on the back on the floor) but performs regular exercise.
According to the search document [PDF], these movements would be looking at several spectrogram programs but are sufficient to allow potentially privacy leaks.
“For example, information models that might be of interest to members of the intelligence community, for example, to track a target’s location within a room and (2) could be used to infer sexual activity , Because the importance of protection may vary depending on the culture and cultural standards of the destination or may vary depending on the public’s visibility of the target, for example, status of celebrity or political status, “says the research document.
How the intelligence agency could use CovertBand Attack
While explaining several scenarios, the researchers explained how spying agencies could use these tools to filter out the obscured activity information of a target even in the presence of background noise or coverage.
Imagine an “Alice” spy entering a foreign country and renting a hotel room adjacent to a “Bob” person, who discretely and secretly offered vigil.
Since Alice can not enter the country with a dedicated hardware monitoring simply would use the CovertBand attack to track 2D themes even through walls, something that could work on your phone and not arouse suspicious Bob.
To prove this, the researchers showed a scenario where Bob pretended to spend a routine in the bathroom while Alice used CovertBand attack to keep track of his movements.
They were able to determine that Bob wandered around a bathroom and probably spent less than 20 seconds sitting on the toilet and brushing his teeth.
“Place the 15cm speaker on the bathroom door and perform four tests during which Bob spent less than 20 seconds, doing the following: .the shower, dry on the stairs, sit on the water and brushing the fan Experiment The bathroom was on and We could not hear Bob doing any activity inside the bathroom, “says the research paper.
The researchers believe that their attack could be refined to allow the detection of subtle movements such as movement of hands, arms or fingers for resolution and accuracy even in the absence of a direct way.
Guarding against such attacks involves impractical defenses for most people, such as replaying their 18-20 kHz signals to block CovertBand attack, but this could annoy your pets and children, or sound their windowless homes.
Researchers hope that knowing the consequences of such attacks could induce scientists to develop practical countermeasures.