Welcome to your sci-fi dystopia: Sonic firewalls to crumble inaudible ad-tracking phone cookies Boffins in Austria have developed a defense against acoustic cookies, a form of ad tracking by which smartphones can send and receive data using sounds people can't hear. App developers can implement ultrasound data transfer on their own or using various SDKs, such as XT Audio Beacons or Lisnr, or the Google Nearby API. ads …
Someone please explain why you can't just put a filter on the speaker that will filter out inaudible sounds anyway. Why would you WANT inaudible sounds to play? Surely that's just EM interference, power usage etc. that you don't need.
I imagine, what, a single inductor/cap of the right value would filter those sounds right out of playing anyway?
Most likely because the frequency that can be played by a speaker are not discrete values that can be switched on and off separately. Applying a filter on inaudible frequencies is likely to distort audible ones.
And of course, there's the meatspace issue: what's audible for some human beings is not for others, so it's not like you could just apply a one-size-fits-all filter.
It's not exactly ultrasonic:
1) The source (not usually the phone) often can playback more than 18KHz to 19kHz, the Nyquist limit on speaker source is 24kHz for 48KHz samples and 22kHz for 44KHz.
Few people can hear above 16KHz, almost no adults. So likely the "cookies" are between 16KHz and 18KHz, to be inaudible to most people and pass through the post DAC low pass filter.
The electret microphone is is used by the spying app on phone (or possibly even Android TV, Echo etc). I've tested small ones and they do reduce output after 20KHz due to self capacitance. They do pick up 40KHz true Ultrasonic transmitters and may work to over 60KHz.
The Spying App has to use the onboard ADC, which will typically sample at 48KHz, thus anything above 24KHz will alias. Likely there is SOME analogue filtering in from of ADC or else 40KHz "rodent" controller (they might annoy dogs and Guinea pigs but no evidence they deter rats & mice) would cause a 8KHz whistle, as the aliasing is like multiplicative mixing.
So it's likely these are 16KHz to 18kHz band. I have a suitable microphone sensor and a spectrum analyser. Anyone tell me where I can hear them?
To abuse it.
So far I have found no need to use voice to turn on or otherwise control my phone, I have voice control disabled and no permissions granted except for my camera app.
There are too many solutions for nonexistent problems, it seems a lot of usability and apps are designed from the outset for abuse.
"Here I thought there was something new in Sonic Firewalls from Dell... You do know there is a product called a Sonic Firewall?"
When using the Pedantic grammar nazi alert icon you really should double-check your facts.
a) the firewall brand is Sonicwall
b) Dell sold the Sonicwall business couple years ago
HAND.
I never use my phone for anything else than actually talking to people. I don't download apps and I barely use any of the ones provided out-of-the-box.
Of course, if actual permission granularity was provided in the phone OS by default, maybe I'd venture a bit forward in this domain. As it is, I consider phones and app stores to be a nest of vipers waiting to strike at my privacy.
" if actual permission granularity was provided in the phone OS by default"
If you actually knew how to use your phone you would find it is. Doesn't even matter which OS you prefer, both have had individual permissions for apps for a couple of years now and you can even continue to use most apps with a less than complete set of the permissions they request.
"Stop mics and speakers working over 25khz."
It's dubious that they use over 21KHz (22.05 or 24kHz Nyquist limits)
You'd have to limit them to 12KHz to be sure older people can't hear. A bit less than FM Radio.
Most people can't hear above 16KHz to 18KHz.
HiFi people would be upset.
https://www.theregister.co.uk/2018/05/24/alexa_recording_couple/
http://www.theregister.co.uk/2018/05/22/facebook_data_leak_no_account/
*
And here we have yet another technical exploit implemented to exploit paying customers...behind their backs. I wonder who benefits....certainly not the customer - who doesn't even know it's going on.
*
Welcome to the future.
Smart phones and the IoT are definitely going to continue in this direction until the World in general gets smart enough to slap them down, I won't be holding my breath waiting for that event.
The consumer is not only the product but they have to pay for it too.
They know which channel you're watching, what is playing on that channel and it gives them a further interest to add to your profile. If the TV is "smart" they could also possibly get a rough, WiFi derived location from the exchange. You're not thinking like an ad-flinger.
Filter ultrasound on the handset;
Add _nomap to your SSID;
Firewall the "smart" TV by MAC.
Or just forget all this nonsense and read a (real) book.
Personally I shield myself with a small cluster of bats. This also has the added benefit that nobody can make any building alterations around me without a bat survey.
Actually I think there’s something here for me and my bats.
BOBB
Buffer Overflow By Bat
So you need to identify a vulnerability in the ultrasound message parsing code in the application, develop an exploit for it, and then train your bats to go out and deliver the payload to unsuspecting day walkers.
All I need now is a suitable logo!
Oh, and bats. Definitely need bats.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
